Skip to main content

How to Use Rate Limiting in Laravel

How to Use Rate Limiting in Laravel

Rate limiting is a crucial security and performance feature that helps prevent abuse, brute-force attacks, and overuse of your application resources. Laravel provides a powerful and flexible way to handle rate limiting via built-in middleware and custom configurations.

🚧 Why Use Rate Limiting?

  • Protect endpoints from spamming or brute-force login attempts
  • Ensure fair use of server resources
  • Improve overall API and application performance

⚙️ Using Laravel's Built-in Throttle Middleware

Laravel includes a throttle middleware you can apply to routes or route groups.

Route::middleware('throttle:60,1')->group(function () {
    Route::get('/api/data', 'ApiController@getData');
});

This allows a maximum of 60 requests per minute per IP address.

🛠️ Creating Custom Rate Limiters

Since Laravel 8, you can define named rate limiters using the RateLimiter facade inside your RouteServiceProvider.

use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Support\Facades\RateLimiter;

public function boot()
{
    RateLimiter::for('custom-api', function ($request) {
        return Limit::perMinute(10)->by($request->ip());
    });
}

Then use it in your routes like this:

Route::middleware('throttle:custom-api')->get('/api/custom', 'ApiController@custom');

👤 Rate Limiting by User ID

You can scope rate limits to the user instead of the IP address:

RateLimiter::for('login', function ($request) {
    return Limit::perMinute(5)->by(optional($request->user())->id ?: $request->ip());
});

This helps protect login forms or endpoints based on authenticated user identity.

📉 Handling Exceeded Rate Limits

When a rate limit is exceeded, Laravel automatically returns a 429 Too Many Requests response. You can customize the response by overriding the ThrottleRequests middleware or handling it in your exception handler.

💡 Best Practices

  • Apply lower limits on sensitive endpoints like login or registration
  • Use different limiters for public vs. authenticated routes
  • Log or monitor when limits are frequently hit to adjust thresholds
  • Throttle APIs especially if exposed to third-party apps

✅ Conclusion

Rate limiting in Laravel is powerful, flexible, and easy to configure. Whether you're building a public API or securing internal routes, Laravel gives you full control to protect your app efficiently.

📘 Want to learn more? Check out the official docs: Laravel Rate Limiting

Labels:

Comments

Post a Comment

Popular posts from this blog

How to Display Flash Messages in EJS using Node.js and Express

Displaying Flash Messages in EJS with Node.js and Express Flash messages are a great way to give users quick feedback — like "Login successful!" or "Please enter all fields!" . In this guide, you’ll learn how to implement them using: express-session connect-flash EJS templating 📦 Step 1: Install Required Packages npm install express express-session connect-flash ejs ⚙️ Step 2: Setup Express App and Middleware const express = require('express'); const session = require('express-session'); const flash = require('connect-flash'); const app = express(); // Set view engine app.set('view engine', 'ejs'); // Middleware app.use(express.urlencoded({ extended: true })); app.use(session({ secret: 'yourSecretKey', resave: false, saveUninitialized: true })); app.use(flash()); // Make flash messages available to all views app.use((req, res, next) => { res.lo...
Post a Comment
Read more

Laravel vs Node.js – Which One to Choose and Why?

Laravel vs Node.js – Which One to Choose and Why? Choosing the right backend technology is one of the most critical decisions in web development. Both Laravel and Node.js are widely adopted and loved by developers, but each comes with its unique strengths. In this post, I’ll compare both to help you decide which one suits your next project better. What is Laravel? Laravel is a PHP-based, open-source web application framework that follows the Model-View-Controller (MVC) architectural pattern. Known for its elegant syntax, Laravel simplifies development with features like authentication , routing , Eloquent ORM , and Blade templating . It’s ideal for developers looking for a structured and robust development experience. What is Node.js? Node.js is a JavaScript runtime built on Chrome’s V8 engine, allowing JavaScript to be used for server-side development. It uses a non-blocking, event-driven architecture, making it highly efficient and scalable ...
Post a Comment
Read more

15 Must-Know Git Commands for Every Developer

15 Must-Know Git Commands for Every Developer (With Explanations) Whether you're working solo or with a team, Git is an essential tool for modern developers. These commands help manage your codebase effectively and are frequently asked in tech interviews. Below is a curated list of the 15 most useful Git commands every developer should know. Command Description git init Initializes a new Git repository in your project directory. git clone <url> Clones a remote repository to your local machine. git status Shows the status of changes (staged, unstaged, untracked) in the working directory. git add <file> Adds changes in the specified file(s) to the staging area. git commit -m "message" Records the staged changes with a descriptive message. git pull Fetches...
Post a Comment
Read more