URL Shortener - Step 5: Edge Cases & Failure Handling

Step 5 of 6: E - Edge Cases

Handle failures, special scenarios, and security concerns

⚠️ Potential Failure Points

System Failure Points & Mitigation

Request path, with each component numbered as a failure point:
Client (1) → Load Balancer (2) → App Service (3) → Redis Cache (4) → Database (5)

Failure Scenarios & Solutions:

1. Network Timeout → Client retry with exponential backoff + jitter
2. LB Failure → Multiple LBs with health checks, DNS failover
3. Service Crash → Auto-restart, multiple instances, circuit breaker
4. Cache Down → Fallback to DB, cache warming, Redis Sentinel
5. DB Unavailable → Read replicas, multi-master, graceful degradation
6. ID Collision → Retry with new ID, collision detection, monitoring alerts

🔄 Custom URL Collisions

Problem:

User wants "amazon" but it's taken

Solutions:

  • Check availability before creation
  • Suggest alternatives: amazon1, amazon-2024
  • Reserve premium names
  • First-come-first-served policy

🚫 Rate Limiting & Abuse

Attack Vectors:

  • Spam URL creation
  • Malicious redirects
  • Resource exhaustion

Protections:

  • IP rate limiting: 100 URLs/hour
  • CAPTCHA after 10 URLs
  • Blacklist malicious domains
  • URL validation & sanitization

⏰ URL Expiration

Scenarios:

  • URL reaches 10-year limit
  • User deletes URL
  • Temporary campaign URLs

Handling:

  • Soft delete (mark as expired)
  • Grace period before reuse
  • Return 410 Gone status
  • Batch cleanup job (daily)

📊 Analytics Overload

Problem:

Viral URL gets millions of clicks/hour

Solutions:

  • Async analytics with Kafka
  • Sampling (track 1 in 100)
  • Aggregate in memory first
  • Separate analytics pipeline

🔒 Security Considerations

Input Validation

  • Validate URL format
  • Check for XSS patterns
  • Sanitize custom aliases
  • Block private IPs

Access Control

  • API key for bulk ops
  • JWT for user URLs
  • Admin panel 2FA
  • IP whitelisting

Monitoring

  • Anomaly detection
  • Fraud scoring
  • Alert on spikes
  • Audit logging

📉 Graceful Degradation Strategy

Level 1: Normal Operation

All features available: creation, analytics, custom URLs

Level 2: Partial Degradation

Core only: URL shortening works, analytics delayed, no custom URLs

Level 3: Emergency Mode

Read-only: Only redirects work, no new URL creation

Level 4: Maintenance Mode

Static page with status updates, estimated recovery time

🎯 Special URL Patterns

Reserved Patterns

/admin/* - Admin panel
/api/* - API endpoints
/health - Health check
/status - Status page
/robots.txt - SEO

Blocked Patterns

Profanity list
Trademark terms
Misleading (goog1e)
Single chars (a, b)
System commands
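The input-validation and reserved/blocked-pattern rules above combined into one checker, as an added example that is not part of the original page. The alias charset and length limit, the sample blocklist entry, and the treatment of hostnames (only IP literals are checked offline; DNS names would need a resolution check at redirect time) are assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Reserved path names from the page; a custom alias must never shadow them.
RESERVED_ALIASES = {"admin", "api", "health", "status", "robots.txt"}
# Constructed sample blocklist standing in for the profanity/trademark/misleading lists.
BLOCKED_ALIASES = {"goog1e"}
# Assumption: aliases are 2-32 URL-safe chars; this also rejects single-char aliases.
ALIAS_RE = re.compile(r"[A-Za-z0-9_-]{2,32}")
# Characters that commonly appear in XSS payloads and never belong in a valid target URL.
SUSPICIOUS_CHARS = set('<>"\x00 \t\r\n')


def validate_target_url(url: str) -> tuple[bool, str]:
    """Return (ok, reason) for a long URL submitted for shortening."""
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. an unbalanced IPv6 bracket
        return False, "malformed URL"
    if parts.scheme not in ("http", "https"):
        return False, "only http/https targets are allowed"  # blocks javascript:, data:, file:
    host = parts.hostname
    if not host:
        return False, "missing host"
    if any(c in SUSPICIOUS_CHARS for c in url):
        return False, "suspicious characters in URL"
    if host == "localhost":
        return False, "private or non-routable host"
    try:
        ip = ipaddress.ip_address(host)  # works for IPv4 and bracketed IPv6 literals
    except ValueError:
        return True, "ok"  # DNS name: resolve and re-check before redirecting (not done offline)
    if (ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_multicast
            or ip.is_reserved or ip.is_unspecified):
        return False, "private or non-routable host"
    return True, "ok"


def validate_alias(alias: str) -> tuple[bool, str]:
    """Return (ok, reason) for a user-chosen custom alias."""
    if not ALIAS_RE.fullmatch(alias):
        return False, "alias must be 2-32 characters from [A-Za-z0-9_-]"
    lowered = alias.lower()  # compare case-insensitively so 'Admin' cannot bypass 'admin'
    if lowered in RESERVED_ALIASES:
        return False, "alias collides with a reserved path"
    if lowered in BLOCKED_ALIASES:
        return False, "alias is on the blocked list"
    return True, "ok"
```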

💡 Edge Cases Covered

Failures

Network, service, database failures with fallbacks

Security

Rate limiting, validation, access control

Special Cases

Collisions, expiration, reserved patterns