Introduction
Rate limiting helps protect your web app from too many requests at once. It stops overload and keeps your app running smoothly.
    import rateLimit from 'express-rate-limit';

    const limiter = rateLimit({
      windowMs: 15 * 60 * 1000, // time frame in milliseconds
      max: 100, // max requests per windowMs
      message: 'Too many requests, please try again later.',
    });

    app.use(limiter);
windowMs sets the time window for counting requests.
max is the max number of requests allowed in that window.
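Allow 10 requests per minute:

    const limiter = rateLimit({ windowMs: 60000, max: 10 });

Allow 50 requests every 5 minutes, with a custom message:

    const limiter = rateLimit({ windowMs: 5 * 60 * 1000, max: 50, message: 'Slow down!' });

Allow 100 requests every 10 minutes, applied only to paths under /api/:

    app.use('/api/', rateLimit({ windowMs: 10 * 60 * 1000, max: 100 }));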
This Express app limits each IP to 5 requests every 15 minutes. If exceeded, it sends a friendly error message.
    import express from 'express';
    import rateLimit from 'express-rate-limit';

    const app = express();

    const limiter = rateLimit({
      windowMs: 15 * 60 * 1000, // 15 minutes
      max: 5, // limit each IP to 5 requests per windowMs
      message: 'Too many requests, please try again later.',
    });

    app.use(limiter);

    app.get('/', (req, res) => {
      res.send('Hello, world!');
    });

    app.listen(3000, () => {
      console.log('Server running on http://localhost:3000');
    });
Rate limiting works by tracking requests per IP address.
You can customize the error message to be user-friendly.
Use rate limiting especially on login and API routes to improve security.
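How per-IP tracking with windowMs and max behaves, shown as an added example that is not from the original page and is not express-rate-limit's own code: a simplified fixed-window limiter with the same middleware shape, driven by fake requests. The names fixedWindowLimiter, simulate, demo and the now option are hypothetical, and the IP addresses are constructed documentation-range values.

```javascript
// Added example: a simplified fixed-window limiter, not express-rate-limit's code.
// fixedWindowLimiter, simulate, demo and the `now` option are hypothetical names.
function fixedWindowLimiter({ windowMs, max, message = 'Too many requests', now = Date.now }) {
  const hits = new Map(); // client IP -> { count, resetAt }
  return function limiter(req, res, next) {
    const t = now();
    let entry = hits.get(req.ip);
    // First request from this IP, or its window has expired: start a new window.
    if (!entry || t >= entry.resetAt) {
      entry = { count: 0, resetAt: t + windowMs };
      hits.set(req.ip, entry);
    }
    entry.count += 1;
    if (entry.count > max) {
      // Over the limit: reject and tell the client when the window resets.
      res.setHeader('Retry-After', String(Math.ceil((entry.resetAt - t) / 1000)));
      res.status(429).send(message);
      return;
    }
    next();
  };
}

// Send one fake request (constructed req/res objects) through the middleware.
function simulate(limiter, ip) {
  const out = { status: 200, headers: {}, body: null };
  const res = {
    setHeader(name, value) { out.headers[name] = value; },
    status(code) { out.status = code; return res; },
    send(body) { out.body = body; },
  };
  limiter({ ip }, res, () => { out.body = 'Hello, world!'; });
  return out;
}

// Constructed traffic: max 2 requests per 60 s, documentation-range IPs, fake clock.
function demo() {
  let clock = 0;
  const limiter = fixedWindowLimiter({ windowMs: 60000, max: 2, now: () => clock });
  const a = '203.0.113.7', b = '198.51.100.9';
  const statuses = [simulate(limiter, a), simulate(limiter, a)].map(r => r.status);
  clock = 45000;
  const blocked = simulate(limiter, a);      // third request inside the window
  const other = simulate(limiter, b).status; // different IP has its own counter
  clock = 60000;
  const afterReset = simulate(limiter, a).status; // window expired, counter restarts
  return { statuses, blocked, other, afterReset };
}
```

Behind a reverse proxy or load balancer, Express reports the proxy's address as req.ip unless the trust proxy setting is configured, so every client would share one counter.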
Rate limiting protects your app from too many requests at once.
Use express-rate-limit to easily add limits in Express.
Set windowMs and max to control request limits.