
How to Use Rate Limiting in Laravel


Rate limiting is a crucial security and performance feature that helps prevent abuse, brute-force attacks, and overuse of your application resources. Laravel provides a powerful and flexible way to handle rate limiting via built-in middleware and custom configurations.

🚧 Why Use Rate Limiting?

  • Protect endpoints from spamming or brute-force login attempts
  • Ensure fair use of server resources
  • Improve overall API and application performance

⚙️ Using Laravel's Built-in Throttle Middleware

Laravel includes a throttle middleware you can apply to routes or route groups.

use App\Http\Controllers\ApiController;

// throttle:<max requests>,<window in minutes>
Route::middleware('throttle:60,1')->group(function () {
    Route::get('/api/data', [ApiController::class, 'getData']);
});

The two parameters are the maximum number of requests and the decay window in minutes, so this permits 60 requests per minute; the 61st request inside the window gets a 429. The counter is keyed by the authenticated user's ID when there is one and by the client IP otherwise. Two things to check before relying on the IP: if the app sits behind a load balancer or CDN, configure the TrustProxies middleware so that $request->ip() returns the real client address rather than the proxy's (otherwise every visitor shares one bucket), and remember that the counters live in your default cache store, so a per-server store such as file or array gives each app server its own independent budget.

🛠️ Creating Custom Rate Limiters

Since Laravel 8 you can define named rate limiters with the RateLimiter facade. They go in the boot method of your RouteServiceProvider (Laravel 8 to 10) or of AppServiceProvider (Laravel 11 and later, where RouteServiceProvider no longer exists by default).

use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\RateLimiter;

public function boot(): void
{
    // Name the limiter; the closure runs on every throttled request and
    // returns the Limit (or array of Limits) that applies to it.
    RateLimiter::for('custom-api', function (Request $request) {
        // 10 requests per minute, counted separately for each client IP
        return Limit::perMinute(10)->by($request->ip());
    });
}

Then use it in your routes like this:

use App\Http\Controllers\ApiController;

Route::middleware('throttle:custom-api')->get('/api/custom', [ApiController::class, 'custom']);
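A fuller limiter definition, added here as an illustrative example rather than code from the original post. It shows the three things a production API usually needs from a named limiter: keying by user ID for authenticated traffic and by IP for guests, returning several limits at once, and exempting trusted callers with Limit::none(). The is_service_account and plan attributes on the User model are assumptions for illustration; a stock Laravel install has neither.

```php
<?php

// Added example, not code from the original post. Lives in the boot() method
// of RouteServiceProvider (Laravel 8-10) or AppServiceProvider (Laravel 11+).
// Assumptions for illustration: User has a boolean is_service_account and a
// string plan attribute; neither is part of a stock Laravel install.

namespace App\Providers;

use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    public function boot(): void
    {
        // 'api' is the limiter the default api middleware group applies via
        // throttle:api, so this governs everything in routes/api.php.
        RateLimiter::for('api', function (Request $request) {
            $user = $request->user();

            // Trusted internal callers are exempt. Keep this set small and
            // audited: an exempt credential that leaks is completely unthrottled.
            if ($user && $user->is_service_account) {   // hypothetical attribute
                return Limit::none();
            }

            // Guests: nothing better than the client IP to key on. The prefix
            // keeps guest and user buckets from ever colliding in the cache.
            if (! $user) {
                return Limit::perMinute(30)->by('guest:'.$request->ip());
            }

            // Authenticated: key on the user ID, not the IP, so one user cannot
            // dodge the limit by rotating addresses and users behind a shared
            // NAT do not consume each other's budget.
            $perMinute = $user->plan === 'premium' ? 600 : 120;   // hypothetical attribute

            // Returning an array applies every limit; the request is refused as
            // soon as any one of them is exhausted. Each limit needs a distinct
            // by() value: Laravel derives the cache key from it, so two limits
            // sharing 'user:42' would silently share one counter.
            return [
                Limit::perMinute($perMinute)->by('minute:user:'.$user->id),
                Limit::perHour($perMinute * 30)->by('hour:user:'.$user->id),
            ];
        });

        // Expensive endpoints deserve a separate, far tighter budget; attach it
        // to those routes with ->middleware('throttle:uploads').
        RateLimiter::for('uploads', function (Request $request) {
            return Limit::perHour(20)->by($request->user()?->id ?: $request->ip());
        });
    }
}
```

The prefixes on the by() values are not cosmetic: the throttle middleware hashes the limiter name together with the key to build the cache key, so an authenticated user's per-minute and per-hour limits would otherwise be counted in the same bucket and the lower one would always win.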

👤 Rate Limiting by User ID

You can scope rate limits to the user instead of the IP address:

RateLimiter::for('login', function ($request) {
    // Authenticated requests are keyed by user ID; anything else (including a
    // real login form, where nobody is authenticated yet) falls back to the IP.
    return Limit::perMinute(5)->by(optional($request->user())->id ?: $request->ip());
});

When the request carries an authenticated user the counter is keyed by that user's ID, so the same person cannot evade the limit by rotating IPs and users behind a shared NAT do not share a bucket. On an actual login route nobody is authenticated yet, so the limiter above falls back to the IP. The key you choose for login is a trade-off: a per-IP key alone lets an attacker with many addresses keep guessing and makes everyone behind one NAT share a budget, while a per-account key alone lets anyone lock a victim out by deliberately failing against their address. Laravel's starter kits key login attempts on the lowercased email combined with the IP, which blocks single-source guessing against an account without letting a stranger lock it from elsewhere; add a coarse per-IP or global limit on top if you also need to cap distributed attempts.
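The login case in full, as an added example rather than code from the original post. It mirrors the pattern Laravel's Breeze starter kit uses in its LoginRequest, but the LoginController, the email field name, the thresholds and the /dashboard redirect are assumptions for illustration. The counter is keyed on the lowercased email plus the client IP, the request is refused with a 429 once five failures accumulate, and the counter is cleared on success so a user who mistyped a few times is not locked out after signing in.

```php
<?php

// Added example, not code from the original post. The controller name, the
// 'email' field, the 5-attempt / 60-second thresholds and the /dashboard
// redirect are assumptions for illustration.

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\Str;
use Illuminate\Validation\ValidationException;

class LoginController extends Controller
{
    // Key on identifier + IP. Lowercasing and transliterating the email means
    // "Admin@Example.com" and "admin@example.com" share one bucket; the IP
    // component means a stranger cannot lock the account out from elsewhere.
    private function throttleKey(Request $request): string
    {
        return Str::transliterate(Str::lower($request->input('email')).'|'.$request->ip());
    }

    public function login(Request $request)
    {
        $credentials = $request->validate([
            'email'    => ['required', 'email'],
            'password' => ['required'],
        ]);

        $key = $this->throttleKey($request);

        // Five failures per key, then refuse until the decay window expires.
        // Check before touching the credentials so a locked key never reaches
        // the password check at all.
        if (RateLimiter::tooManyAttempts($key, 5)) {
            $seconds = RateLimiter::availableIn($key);

            throw ValidationException::withMessages([
                'email' => "Too many login attempts. Please try again in {$seconds} seconds.",
            ])->status(429);
        }

        if (! Auth::attempt($credentials, $request->boolean('remember'))) {
            // Count the failure; the counter decays after 60 seconds.
            RateLimiter::hit($key, 60);

            // Same message for unknown email and wrong password, so the
            // response does not reveal which accounts exist.
            throw ValidationException::withMessages([
                'email' => 'These credentials do not match our records.',
            ]);
        }

        // A successful login wipes the counter for this email + IP.
        RateLimiter::clear($key);

        // Regenerate the session ID to prevent session fixation.
        $request->session()->regenerate();

        return redirect()->intended('/dashboard');
    }
}
```

Doing the counting in the controller rather than only in route middleware is what makes the clear-on-success step possible: the throttle middleware counts every request, successful or not, whereas here only failures consume the budget.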

📉 Handling Exceeded Rate Limits

When a limit is exceeded the throttle middleware throws Illuminate\Http\Exceptions\ThrottleRequestsException, which Laravel renders as a 429 Too Many Requests response carrying Retry-After, X-RateLimit-Limit, X-RateLimit-Remaining and X-RateLimit-Reset headers (X-RateLimit-Limit and X-RateLimit-Remaining are also added to successful responses, so clients can pace themselves before hitting the wall). To customize the response, chain a response() callback onto the Limit in a named limiter, or render ThrottleRequestsException in your exception handler; overriding the ThrottleRequests middleware itself is rarely necessary.
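An added example (not from the original post) of customizing the 429 through the Limit itself and logging every refusal, which also covers the monitoring advice in the best practices below. The limiter name search and the log fields are assumptions for illustration; the two-argument response callback signature is the Laravel 9+ form.

```php
<?php

// Added example, not code from the original post. The 'search' limiter name
// and the structured log fields are assumptions for illustration.

namespace App\Providers;

use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    public function boot(): void
    {
        RateLimiter::for('search', function (Request $request) {
            return Limit::perMinute(30)
                ->by($request->user()?->id ?: $request->ip())
                // Called only when the limit is exceeded. $headers already holds
                // Retry-After and the X-RateLimit-* values; pass them through so
                // well-behaved clients can back off by reading them.
                ->response(function (Request $request, array $headers) {
                    // Record who is hitting the ceiling. A sudden spike on one
                    // key is an early signal of scraping or credential stuffing,
                    // and a steady trickle across many keys means the threshold
                    // is set too low for legitimate use.
                    Log::warning('rate limit exceeded', [
                        'limiter'     => 'search',
                        'user_id'     => $request->user()?->id,
                        'ip'          => $request->ip(),
                        'path'        => $request->path(),
                        'retry_after' => $headers['Retry-After'] ?? null,
                    ]);

                    return response()->json([
                        'error'       => 'too_many_requests',
                        'retry_after' => (int) ($headers['Retry-After'] ?? 60),
                    ], 429, $headers);
                });
        });
    }
}
```

Keep the body of the 429 generic: it should tell the client when to retry, not why the threshold was chosen or which other keys are close to it.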

💡 Best Practices

  • Apply lower limits on sensitive endpoints like login, registration and password reset
  • Use different limiters for public vs. authenticated routes, keyed by IP for guests and by user ID once authenticated
  • Log or monitor when limits are frequently hit, both to tune thresholds and because a spike on one key is often the first sign of abuse
  • Throttle APIs, especially ones exposed to third-party apps, and return the Retry-After header so clients can back off
  • Use a shared cache store such as Redis when running more than one app server; a per-server store gives every server its own budget, multiplying the real limit by the number of servers
  • Configure TrustProxies when behind a load balancer, otherwise IP-keyed limits see the proxy's address for every request

✅ Conclusion

Rate limiting in Laravel is powerful, flexible, and easy to configure. Whether you're building a public API or securing internal routes, Laravel gives you full control to protect your app efficiently.

📘 Want to learn more? Check out the official docs: Laravel Rate Limiting
