How can I prevent someone from spamming socket connections like this:
for (let i = 0; i < 10000000; i++) {
    io.connect('ws://localhost:9001');
}
I've googled, but all of the topics talk about how to prevent emit by rate limiting, etc. But rate limiting can't be used if someone is spamming connections instead of spamming messages. Any solution or hint for this? Thanks
The first step of every WebSocket connection request is an HTTP GET handshake request, so you can limit the number of requests by IP on a load balancer/proxy server. All requests over the limit will be declined before reaching your application. For example, read about how to do it with the Nginx web proxy here.
If you can't or don't want to set up a proxy server, you can do the same at the application level with packages like rate-limiter-flexible or express-rate-limit.
io.on('connection', function (socket) {
    // rate limit here by IP or user ID
});
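An application-level take on the per-IP limit described in the answer above, as an added example that is not part of the original answer and does not use the packages it names. It caps both the rate of connection attempts and the number of open sockets per IP; the class name, the `attachLimiter` helper and the limits are assumptions.

```javascript
// Added example: per-IP connection limiter (names and limits are assumptions).
class ConnectionLimiter {
  constructor({ maxAttempts = 10, windowMs = 10000, maxOpen = 5, now = Date.now } = {}) {
    Object.assign(this, { maxAttempts, windowMs, maxOpen, now });
    this.attempts = new Map(); // ip -> { windowStart, count }
    this.open = new Map();     // ip -> number of currently open sockets
  }

  // Returns null if the connection is accepted, otherwise a reason string.
  tryAcquire(ip) {
    const t = this.now();
    let a = this.attempts.get(ip);
    if (!a || t - a.windowStart >= this.windowMs) {
      a = { windowStart: t, count: 0 };
      this.attempts.set(ip, a);
    }
    a.count += 1; // rejected attempts count too, so a flood stays blocked
    if (a.count > this.maxAttempts) return 'too many connection attempts';
    const open = this.open.get(ip) || 0;
    if (open >= this.maxOpen) return 'too many open connections';
    this.open.set(ip, open + 1);
    return null;
  }

  // Call once for every accepted connection when it closes.
  release(ip) {
    const open = (this.open.get(ip) || 0) - 1;
    if (open > 0) this.open.set(ip, open);
    else this.open.delete(ip);
  }

  // Drop expired windows so the map cannot grow without bound; call periodically.
  sweep() {
    const t = this.now();
    for (const [ip, a] of this.attempts) {
      if (t - a.windowStart >= this.windowMs) this.attempts.delete(ip);
    }
  }
}

// Wire the limiter into a Socket.IO server as connection middleware.
// Behind a reverse proxy, handshake.address is the proxy's IP: derive the
// client IP from a forwarded header only if that proxy is trusted to set it.
function attachLimiter(io, limiter) {
  io.use((socket, next) => {
    const ip = socket.handshake.address;
    const reason = limiter.tryAcquire(ip);
    if (reason) return next(new Error(reason));
    socket.on('disconnect', () => limiter.release(ip));
    next();
  });
}
```

The middleware runs only after the HTTP handshake has reached Node, so it bounds per-socket application state rather than network load; a proxy-level limit still rejects the flood earlier.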