Rate limiter module for Remotes

Is it a good idea for example:
You make a cooldown on the client that lasts 1 second, then on the server you make it so if its fired more than 5 times a second you kick the player, is that a good idea?

The client firing more often than should be possible indeed seems like a sign of a client exploiting. Make sure to test your system enough to avoid false positives caused by a player’s slow or unstable internet connection. I’m unsure if Roblox queues up remote requests (and fires them rapidly when the connection is back) or ignores them in these cases.

In any case, it’s good practice to make sure nothing happens when the event is indeed exceeding its expected limits.

(Sorry for the late reply.)

This is a very late response and I like Xander’s response above, but no you probably shouldn’t just be kicking players that fire a remote like that.

Let me put it into a reasonable ideal:

  • Using this module, you can limit all players requests very simply.

  • If you do it right, there’s no difference from an exploiter and someone with a really good macro or someone on a constant grind.

So rather than finding edge-case solutions for punishing the exploiters (who you cannot truly differentiate,) you should instead focus on making their exploits less harmful to the balance of your game.

1 Like

sorry for the slight bump but i cant seem to get this working on my gun, it only works once for me

for context the gun is completely client sided and the bullets and audio are handled on the server

this is the server code:

	local gun = plr.Character:FindFirstChildWhichIsA('Tool')
	if gun:FindFirstChild('GunModule') then
		if gun and FloodCheck:Check(plr, FireGun, require(gun.GunModule).commons.Rate) then
			if GunFires:FindFirstChild(gun.Name) then
				local sfx = GunFires:FindFirstChild(gun.Name)
				local firesound = sfx.Fire:Clone()
				firesound.Parent = gun.Handle
				plr:Kick('Error: Could not locate cooresponding gun sound')
		plr:Kick('Error: No gun module')

if you need more info let me know

no, make the ratelimit both in client and server, and if server detecyed it reached that limit irs very obvious its an exploiter and you should kick it.

You should probably add some leeway in the rate of the flood check and not make it equal to the exact firing rate. This accounts for a variable networking delay etc.

I’d also recommend handling the sounds and effects on the client and not on the server. This will decrease latency and will make your guns feel more responsive.

With your supplied code, I’m unable to tell what’s preventing your gun from shooting a second time. Perhaps it’s the code running on the client? Perhaps Scripting support could help you out further? If after debugging, you believe it’s my module that’s the cause of the problem, then feel free to DM me and maybe we can help each other to fix it. (DMing for other help is fine too, but the scripting support forum is likely quicker.)

i’ve already fixed this issue, i just used a table with the players user id, though ill provide some answers if i want to use this in the future

i have tested it in game with a friend and it seems like there isn’t noticeable a delay to the sound or bullets

yeah, i was just doing that temporarily since i just wanted to get the main system done first

i don’t think so, all the script did was fire a remote event with no parameters