
Rate limiting with express-rate-limit

Introduction

Rate limiting helps protect your web app from too many requests at once. It stops overload and keeps your app running smoothly.

Typical reasons to use it:
To stop users from sending too many requests and slowing down your server.
To protect login pages from repeated password guessing.
To limit API usage for free users in a service.
To prevent spam or abuse on forms or endpoints.
To keep your server stable during traffic spikes.
Syntax
import rateLimit from 'express-rate-limit';

const limiter = rateLimit({
  windowMs: 15 * 60 * 1000, // time frame in milliseconds
  max: 100, // max requests per windowMs
  message: 'Too many requests, please try again later.',
});

app.use(limiter);

windowMs sets the length of the time window, in milliseconds, over which requests are counted.

max is the maximum number of requests each client may make in that window.

Examples
Limits to 10 requests per minute.
const limiter = rateLimit({ windowMs: 60000, max: 10 });
Limits to 50 requests every 5 minutes with a custom message.
const limiter = rateLimit({ windowMs: 5 * 60 * 1000, max: 50, message: 'Slow down!' });
Applies rate limiting only to routes starting with /api/.
app.use('/api/', rateLimit({ windowMs: 10 * 60 * 1000, max: 100 }));
Sample Program

This Express app limits each IP to 5 requests every 15 minutes. If a client exceeds the limit, the app responds with a friendly error message.

import express from 'express';
import rateLimit from 'express-rate-limit';

const app = express();

const limiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 5, // limit each IP to 5 requests per windowMs
  message: 'Too many requests, please try again later.',
});

app.use(limiter);

app.get('/', (req, res) => {
  res.send('Hello, world!');
});

app.listen(3000, () => {
  console.log('Server running on http://localhost:3000');
});
Important Notes

Rate limiting works by tracking requests per IP address.

You can customize the error message to be user-friendly.

Use rate limiting especially on login and API routes to improve security.
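
To show what windowMs, max and per-IP tracking mean in practice, the following added example (not part of the original page and not express-rate-limit's own code) models a fixed-window counter and replays constructed traffic through it with the sample program's settings. It also shows the failure mode where every request is keyed by one address, such as a reverse proxy's, so all clients share a single counter. The function names, IP addresses and timestamps are constructed for illustration.

```javascript
// Added example: a simplified fixed-window counter, not express-rate-limit's own code.
// createFixedWindowLimiter, replay and the sample traffic are constructed for illustration.
function createFixedWindowLimiter({ windowMs, max }) {
  const hits = new Map(); // key -> { count, resetTime }
  return function check(key, now) {
    let entry = hits.get(key);
    // Open a new window on the first request from a key, or once its window has expired.
    if (!entry || now >= entry.resetTime) {
      entry = { count: 0, resetTime: now + windowMs };
      hits.set(key, entry);
    }
    entry.count += 1;
    const allowed = entry.count <= max;
    return {
      status: allowed ? 200 : 429, // 429 Too Many Requests
      remaining: Math.max(0, max - entry.count),
      retryAfterSec: allowed ? 0 : Math.ceil((entry.resetTime - now) / 1000),
    };
  };
}

// Replay constructed requests through a fresh limiter; keyFor picks the counter key.
function replay(requests, keyFor, options) {
  const check = createFixedWindowLimiter(options);
  return requests.map((r) => ({ ip: r.ip, t: r.t, ...check(keyFor(r), r.t) }));
}

const WINDOW_MS = 15 * 60 * 1000; // same settings as the sample program
const OPTIONS = { windowMs: WINDOW_MS, max: 5 };
const PROXY = '10.0.0.1'; // constructed reverse-proxy address

// Constructed traffic: client A sends six requests, client B one, then A returns
// after the window has expired. Times are milliseconds from the first request.
const A = '203.0.113.10';
const B = '198.51.100.7';
const requests = [
  ...[0, 1, 2, 3, 4, 5].map((s) => ({ ip: A, t: s * 1000 })),
  { ip: B, t: 6000 },
  { ip: A, t: WINDOW_MS },
];

// Keyed by client IP: A's sixth request is rejected, B is unaffected, A resets later.
const perClient = replay(requests, (r) => r.ip, OPTIONS);
// Keyed by the proxy address (what the app sees when the real client IP is not
// passed through): every client shares one counter, so B is rejected as well.
const sharedKey = replay(requests, () => PROXY, OPTIONS);

console.log(perClient.map((r) => r.status).join(' '));
console.log(sharedKey.map((r) => r.status).join(' '));
```

In a real deployment behind a reverse proxy, Express's trust proxy setting controls whether req.ip reflects the client or the proxy, so check it before relying on per-IP limits.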

Summary

Rate limiting protects your app from too many requests at once.

Use express-rate-limit to easily add limits in Express.

Set windowMs and max to control request limits.