Design an API rate limiter.

Medium
Company: Premium
Google, Amazon, Uber

Let's refine the classic Rate Limiter problem. Imagine you're building a globally distributed API service, and you need to protect it from being overwhelmed by malicious actors or simply misbehaving clients. You want a robust and flexible rate limiting solution. This isn't just about preventing denial-of-service attacks; it's about ensuring a fair and consistent experience for all users of your API, even during peak load.

Instead of a simple token bucket or fixed window approach, we'll model a more advanced rate limiter that allows for different rate limits based on various criteria. These criteria could include user ID, API endpoint, geographic location, or even a combination of these. The system should be highly configurable, allowing administrators to dynamically adjust rate limits without requiring code changes. Furthermore, the design should be thread-safe to handle concurrent requests from multiple clients efficiently.

Consider a scenario where a free-tier user might be limited to 10 requests per minute for a specific endpoint, while a premium user could have a limit of 100 requests per minute for the same endpoint. Or, an API that provides data based on location might need to be throttled during peak hours so that each location can serve requests from its local servers, avoiding cross-region calls and potential latency.
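The free-tier versus premium scenario above can be sketched as follows. This is an added example, not part of the original problem statement or its solution. It assumes a single process with in-memory state and uses a sliding-window log; the endpoint path `/v1/search`, the class name `RateLimiter` and the wildcard default rule are hypothetical, and a globally distributed deployment would keep the counters in a shared store instead.

```python
import threading
import time
from collections import defaultdict, deque

# Constructed sample rules: (tier, endpoint) -> (max requests, window seconds).
# "*" is a wildcard; the ("*", "*") entry is the default for unmatched requests.
SAMPLE_RULES = {
    ("free", "/v1/search"): (10, 60),
    ("premium", "/v1/search"): (100, 60),
    ("*", "*"): (5, 60),
}

class RateLimiter:
    """Sliding-window-log limiter with rules that can be changed at runtime."""

    def __init__(self, rules, clock=time.monotonic):
        self._rules = dict(rules)
        self._clock = clock                      # injectable for tests
        self._lock = threading.Lock()            # guards rules and counters
        self._hits = defaultdict(deque)          # (user, endpoint) -> timestamps

    def set_rule(self, tier, endpoint, limit, window_s):
        """Admin path: adjust a limit without redeploying code."""
        with self._lock:
            self._rules[(tier, endpoint)] = (limit, window_s)

    def _lookup(self, tier, endpoint):
        # Most specific rule wins; caller must hold the lock.
        for key in ((tier, endpoint), (tier, "*"), ("*", endpoint), ("*", "*")):
            if key in self._rules:
                return self._rules[key]
        return (0, 1)                            # no rule at all: deny

    def allow(self, user_id, tier, endpoint):
        now = self._clock()
        with self._lock:                         # check-and-record is atomic
            limit, window_s = self._lookup(tier, endpoint)
            hits = self._hits[(user_id, endpoint)]
            while hits and hits[0] <= now - window_s:
                hits.popleft()                   # drop requests outside the window
            if len(hits) >= limit:
                return False
            hits.append(now)
            return True
```

The single lock keeps the check-and-record step atomic under concurrent requests; a production design would shard or stripe it per key to reduce contention.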

Requirements

Think like an Architect

Before revealing the requirements, imagine you're in the interview right now. "How would you clarify the scope with your interviewer?"
