
How to Use Rate Limiting in Laravel


Rate limiting is a crucial security and performance feature that helps prevent abuse, brute-force attacks, and overuse of your application resources. Laravel provides a powerful and flexible way to handle rate limiting via built-in middleware and custom configurations.

🚧 Why Use Rate Limiting?

  • Protect endpoints from spamming or brute-force login attempts
  • Ensure fair use of server resources
  • Improve overall API and application performance

⚙️ Using Laravel's Built-in Throttle Middleware

Laravel includes a throttle middleware you can apply to routes or route groups.

Route::middleware('throttle:60,1')->group(function () {
    Route::get('/api/data', 'ApiController@getData');
});

This allows a maximum of 60 requests per minute per IP address.

🛠️ Creating Custom Rate Limiters

Since Laravel 8, you can define named rate limiters using the RateLimiter facade inside your RouteServiceProvider.

use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Support\Facades\RateLimiter;

public function boot()
{
    RateLimiter::for('custom-api', function ($request) {
        return Limit::perMinute(10)->by($request->ip());
    });
}

Then use it in your routes like this:

Route::middleware('throttle:custom-api')->get('/api/custom', 'ApiController@custom');

👤 Rate Limiting by User ID

You can scope rate limits to the user instead of the IP address:

RateLimiter::for('login', function ($request) {
    return Limit::perMinute(5)->by(optional($request->user())->id ?: $request->ip());
});

This protects login forms and other endpoints by keying the limit on the authenticated user's identity, falling back to the IP address for guests.

📉 Handling Exceeded Rate Limits

When a rate limit is exceeded, Laravel automatically returns a 429 Too Many Requests response. You can customize the response by overriding the ThrottleRequests middleware or handling it in your exception handler.
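Putting the two previous sections together, here is an added example (not code from the post) of a login limiter that keys on the submitted e-mail plus the client IP, adds a looser per-IP ceiling, and returns a custom JSON 429 with the rate-limit headers. It assumes Laravel 9 or later (the response callback receives the headers array) and a hypothetical AuthController; it belongs in the boot() method shown above.

```php
<?php
// Added example: login limiter with two limits and a custom 429 response.
// Assumes Laravel 9+ so the ->response() callback receives $headers.

use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\Facades\Route;
use Illuminate\Support\Str;

RateLimiter::for('login', function (Request $request) {
    // Normalise the e-mail so "Foo@Example.com " and "foo@example.com"
    // count against the same bucket.
    $email = Str::lower(trim((string) $request->input('email')));

    // Returning an array applies every limit; the first one exceeded wins.
    return [
        // 5 attempts per minute for this e-mail from this IP: slows a
        // brute-force attempt without letting one bad IP lock out the
        // legitimate owner of the account from everywhere.
        Limit::perMinute(5)
            ->by('login:' . $email . '|' . $request->ip())
            ->response(function (Request $request, array $headers) {
                // $headers carries Retry-After and X-RateLimit-* values;
                // log the hit so thresholds can be tuned from real data.
                Log::warning('login rate limit exceeded', [
                    'ip' => $request->ip(),
                    'retry_after' => $headers['Retry-After'] ?? null,
                ]);

                return response()->json([
                    'message' => 'Too many login attempts. Please try again later.',
                    'retry_after' => $headers['Retry-After'] ?? null,
                ], 429, $headers);
            }),

        // Looser per-IP ceiling across all accounts: catches credential
        // stuffing that rotates through many e-mails from one address.
        Limit::perMinute(30)->by('login-ip:' . $request->ip()),
    ];
});

// Hypothetical controller; the named limiter is attached exactly as in the post.
Route::middleware('throttle:login')->post('/login', [AuthController::class, 'login']);
```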

💡 Best Practices

  • Apply lower limits on sensitive endpoints like login or registration
  • Use different limiters for public vs. authenticated routes
  • Log or monitor when limits are frequently hit to adjust thresholds
  • Throttle APIs especially if exposed to third-party apps

✅ Conclusion

Rate limiting in Laravel is powerful, flexible, and easy to configure. Whether you're building a public API or securing internal routes, Laravel gives you full control to protect your app efficiently.

📘 Want to learn more? Check out the official docs: Laravel Rate Limiting
