
Rate limiting in Node.js - Practice Problems & Coding Challenges

Challenge - 5 Problems
Component behavior
intermediate
What happens when the rate limit is exceeded in this Express middleware?

Consider this Express.js middleware using the express-rate-limit package:

import rateLimit from 'express-rate-limit';

const limiter = rateLimit({
  windowMs: 60000, // 1 minute
  max: 5,
  standardHeaders: true,
  legacyHeaders: false
});

app.use('/api/', limiter);

What will the server respond with if a client makes 6 requests within one minute to /api/?

A. The 6th request responds with HTTP 429 Too Many Requests and a JSON error message.
B. The 6th request is queued and delayed until the window resets.
C. The 6th request is accepted but logged as a warning on the server.
D. The 6th request resets the count and is accepted normally.
💡 Hint

Think about what HTTP status code is standard for rate limiting.

📝 Syntax
intermediate
Which option correctly sets up a rate limiter allowing 10 requests per 10 seconds?

Choose the correct code snippet to create a rate limiter with express-rate-limit that allows 10 requests every 10 seconds.

A. rateLimit({ windowMs: 10, max: 10 })
B. rateLimit({ windowMs: 10000, max: 10 })
C. rateLimit({ windowMs: 10000, maxRequests: 10 })
D. rateLimit({ max: 10, window: 10000 })
💡 Hint

Check the exact option names and units expected by express-rate-limit.

🔧 Debug
advanced
Why does this rate limiter not block requests as expected?

Review this code snippet:

import rateLimit from 'express-rate-limit';

const limiter = rateLimit({
  windowMs: 60000,
  max: 3
});

app.get('/data', limiter, (req, res) => {
  res.send('Data response');
});

Clients report they can make unlimited requests without being blocked. What is the most likely cause?

A. The app is behind a proxy but 'trust proxy' is not enabled, so client IPs are not detected correctly.
B. The 'max' value is too high to trigger blocking within 1 minute.
C. The middleware is applied only to GET requests, so POST requests bypass it.
D. The 'windowMs' value is too low to count requests properly.
💡 Hint

Think about how Express detects client IP addresses behind proxies.

🧠 Conceptual
advanced
What is the main benefit of using a distributed store with rate limiting middleware?

When deploying a Node.js app with multiple server instances, why should you use a distributed store (like Redis) for rate limiting data?

A. It speeds up request processing by caching responses in memory.
B. It reduces the memory usage on each server by offloading logs.
C. It automatically blocks IP addresses based on geographic location.
D. It shares rate limit counters across all instances, preventing clients from bypassing limits by switching servers.
💡 Hint

Think about what happens when multiple servers handle requests independently.

State output
expert
What is the value of the 'X-RateLimit-Remaining' header after 3 requests?

Given this Express.js setup:

import rateLimit from 'express-rate-limit';

const limiter = rateLimit({
  windowMs: 60000,
  max: 5,
  standardHeaders: true,
  legacyHeaders: false
});

app.use('/api/', limiter);

If a client makes 3 requests in the current window, what will the X-RateLimit-Remaining header value be on the 3rd response?

A. 0
B. 3
C. 2
D. 5
💡 Hint

Remember the header shows how many requests remain before hitting the limit.