Connecting to Rasa Securely

Hi,

I have looked in the developer forums (and found similar questions – for example this forum post – but no clear answers) to my following question:

I have built a Rasa chat bot (which uses the Rasa action server). I want to build a custom UI for my website (not using WebChat) which will use socketIO. However, I only want to send back responses to user messages if the user messages are sent from my website. Someone could easily create their own website and connect to my Rasa chatbot server and get responses generated from my server. How do I avoid this? Also, how do I do socketIO with ONLY Rasa NLU?

Thanks,

Olivia

Hi @developer123! The socketio connection is implemented in the core part of the Rasa library, so if you’re just using NLU you’ll have to create your own server for handling socketio, then running your NLU model, and then responding to the user too.

Alternatively, you could create a Rasa core model with a single action that always calls out to your other service.

One thing you could do is turn off all CORS headers and make sure that your site and bot backend are on the same domain. That doesn’t stop people querying your backend programmatically, but does mean the bot won’t work on any other domains / websites.

Is there a way to set a rate limit/throttling limit on the number of requests to the server if I use socket io’s built in with rasa core?

@amn41 Is there a way to set a rate limit/throttling limit on the number of requests to the server if I use socket io’s built in with rasa core?

Probably the easiest way to do that would be to put an nginx service in front of the Rasa server, e.g. https://www.nginx.com/blog/rate-limiting-nginx/
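
A sketch of the nginx front end suggested in the last reply, added here as an example and not posted by anyone in the thread. It assumes Rasa listens on 127.0.0.1:5005 with the socketio channel on its default `/socket.io` path; the hostname, certificate paths, zone names and all limits are placeholders.

```nginx
# Added example; these directives go inside the http { } block of nginx.conf.
# Assumed: Rasa on 127.0.0.1:5005, socketio channel at /socket.io (default).

# Shared-memory zones keyed on client IP: one for request rate,
# one for the number of simultaneously open connections.
limit_req_zone  $binary_remote_addr zone=rasa_req:10m rate=5r/s;
limit_conn_zone $binary_remote_addr zone=rasa_conn:10m;

# Forward "Connection: upgrade" only when the client asked for a WebSocket.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 443 ssl;
    server_name bot.example.com;                              # placeholder
    ssl_certificate     /etc/nginx/tls/bot.example.com.crt;   # placeholder
    ssl_certificate_key /etc/nginx/tls/bot.example.com.key;   # placeholder

    location /socket.io/ {
        # Allow short bursts of 10 requests, reject the excess immediately.
        limit_req  zone=rasa_req burst=10 nodelay;
        # At most 5 concurrent connections per client IP.
        limit_conn rasa_conn 5;
        # Answer with 429 instead of the default 503 when a limit is hit.
        limit_req_status  429;
        limit_conn_status 429;

        proxy_pass http://127.0.0.1:5005;
        proxy_http_version 1.1;
        proxy_set_header Upgrade         $http_upgrade;
        proxy_set_header Connection      $connection_upgrade;
        proxy_set_header Host            $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # Keep idle WebSocket connections open longer than the 60s default.
        proxy_read_timeout 300s;
    }
}
```

`limit_req` counts HTTP requests, so it throttles the Socket.IO handshake and long-polling traffic but not individual messages sent inside an already upgraded WebSocket. `limit_conn` caps how many such connections one IP can hold open; per-message throttling would have to happen in the application behind nginx.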