Today we're happy to launch the first version of Metrics, a powerful way of filtering and creating rules based on time series data. With Metrics, you can quickly set up rate limiting rules based on counters, e.g. to block requests with more than 10 failed logins per IP in the last hour, or when the number of users per device exceeds 2.
In this first release, we're launching a set of fixed metrics, designed to help you stop spam and abuse:
- Number of logins and registrations per IP, last hour. Ideal for rate limiting and blocking spam behavior.
- Number of users per device. Used to stop excessive multi-accounting, while allowing normal usage to go on without friction.
- Number of users per IP, last day. Also useful to strengthen your defenses against multi-accounting.
All of these can be used both in policies, as part of criteria in rules, and in the Explore view, where you're able to efficiently tune the thresholds based on historic data and see the impact directly. In upcoming releases, you'll be able to write completely custom metrics, to capture abusive behavior exactly the way you want it!