
Prevent Redis Cache Penetration: Bloom Filters, Empty‑Value Caching, and Rate Limiting

This article explains Redis cache penetration, its causes such as malicious attacks and faulty business logic, and presents four mitigation strategies—Bloom filters, caching empty values, rate limiting, and authentication with validation—to protect database performance and system stability.

Mike Chen's Internet Architecture

Redis cache penetration occurs when clients request data that is missing from Redis, so every such request falls through to the database and increases its load.

Common causes are malicious attacks or crawlers that request many nonexistent keys, and business logic errors that generate invalid queries.

Solution 1: Bloom Filter

A Bloom filter is a space-efficient probabilistic data structure that can quickly test whether a key is likely present. When all valid keys are pre-loaded into the filter, requests for non-existent keys are rejected early, which reduces database traffic. It uses little memory and offers fast lookups, but it may produce false positives and it requires maintenance.

Solution 2: Cache Empty Values

When a database query returns no result, store a placeholder (e.g., null) in Redis with a short TTL. Subsequent identical requests hit the cache and avoid database hits. This approach is simple and low‑cost, but excessive distinct missing keys can fill the cache, so TTL must be chosen carefully.

Solution 3: Rate Limiting and Anti‑Scraping

Apply gateway or application‑level rate limiting (leaky bucket, token bucket, or per‑IP/user limits) to throttle excessive requests. Combined with black/white lists and alerting, this mitigates attack‑driven penetration.

Solution 4: Authentication and Business Validation

Perform parameter validation, identity checks, and resource‑id sanity checks before accessing cache or database. Invalid or unauthorized requests are rejected early, improving security and correctness. This should be combined with other defenses.
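The read path that Solutions 1, 2 and 4 describe, combined in order, as an added example (not code from the original article). Plain dicts stand in for Redis and the database so it runs offline; `ReadPath`, `get_user`, the numeric-id rule and the TTL values are assumptions.

```python
import hashlib
import re
import time

ID_RE = re.compile(r"[0-9]{1,10}")   # assumed id format: 1-10 ASCII digits
EMPTY = "__EMPTY__"                  # reserved marker cached for keys the database lacks
EMPTY_TTL, DATA_TTL = 30, 300        # seconds (assumed); empty entries expire sooner

class BloomFilter:
    """Minimal Bloom filter: k salted SHA-256 hashes over an m-bit array."""
    def __init__(self, m_bits=8192, k=4):
        self.m, self.k, self.bits = m_bits, k, bytearray(m_bits // 8)

    def _positions(self, key):
        for i in range(self.k):
            digest = hashlib.sha256(f"{i}:{key}".encode()).digest()
            yield int.from_bytes(digest[:8], "big") % self.m

    def add(self, key):
        for p in self._positions(key):
            self.bits[p // 8] |= 1 << (p % 8)

    def might_contain(self, key):
        return all(self.bits[p // 8] & (1 << (p % 8)) for p in self._positions(key))

class ReadPath:
    def __init__(self, db_rows):
        # Dicts stand in for the database and for Redis: key -> (value, expires_at)
        self.db, self.cache, self.db_hits = db_rows, {}, 0
        self.bloom = BloomFilter()
        for user_id in db_rows:      # pre-load every valid key into the filter
            self.bloom.add(user_id)

    def get_user(self, user_id, now=None):
        now = time.time() if now is None else now
        if not (isinstance(user_id, str) and ID_RE.fullmatch(user_id)):
            return None              # Solution 4: malformed id never reaches cache or DB
        if not self.bloom.might_contain(user_id):
            return None              # Solution 1: filter says "definitely absent"
        hit = self.cache.get(user_id)
        if hit and hit[1] > now:     # Solution 2: a cached EMPTY marker is still a hit
            return None if hit[0] == EMPTY else hit[0]
        self.db_hits += 1            # only requests that pass every layer get here
        row = self.db.get(user_id)
        ttl = DATA_TTL if row is not None else EMPTY_TTL
        self.cache[user_id] = (EMPTY if row is None else row, now + ttl)
        return row
```

A key that passes the filter but has no row (a false positive, or a row deleted after the filter was built) costs one database query per `EMPTY_TTL` window instead of one per request.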
