Rate limiting caps how many requests a client (an IP address, a user, an API key) can make within a time window. It protects an app from overload and from abuse such as brute-force logins, and keeps it responsive for everyone else.
Rate limiting in Ruby on Rails
Introduction
Common reasons to rate limit a Rails application:
To slow down brute-force and credential-stuffing attacks by limiting how many login attempts a client can make in a short time.
To stop a single client from flooding an API with requests.
To protect the app from accidental overload (a runaway script) as well as deliberate overload.
To ensure fair use of resources among many users.
To reduce the impact of denial-of-service attacks (rate limiting is a mitigation, not a full defence: a large distributed attack can still exhaust capacity before the limits trip).
Syntax
Ruby on Rails
# Gemfile: gem 'rack-attack'
# Configuration belongs in an initializer, not in ApplicationController:
# config/initializers/rack_attack.rb
Rack::Attack.throttle('requests by ip', limit: 5, period: 10.seconds) do |request|
  request.ip
end

Use Rack::Attack.throttle(name, limit:, period:) to define a rule. The name is just a label for the rule; limit is the maximum number of requests each distinct client may make per period.
The block receives the request (a Rack::Attack::Request, which behaves like a Rack::Request) and returns the discriminator, the value that requests are counted against, such as the IP address, a user ID or an API key. Returning nil means the rule does not apply to that request, so nothing is counted.
Rack::Attack is Rack middleware; current versions of the gem add themselves to the Rails middleware stack automatically. In older versions it had to be enabled with config.middleware.use Rack::Attack.
Examples
This limits login attempts to 5 per 20 seconds per IP address. Only POST requests to /login count; for every other request the block returns nil and the rule is skipped.
Ruby on Rails
Rack::Attack.throttle('logins/ip', limit: 5, period: 20.seconds) do |req|
  req.ip if req.path == '/login' && req.post?
end
This limits API requests to 100 per minute per IP address, for every path under /api/.
Ruby on Rails
Rack::Attack.throttle('api/ip', limit: 100, period: 1.minute) do |req|
  req.ip if req.path.start_with?('/api/')
end
Sample Program
This example limits all requests to 3 per 10 seconds per IP address. When a client exceeds the limit, Rack::Attack answers with HTTP 429 (Too Many Requests), a Retry-After header and a short message, and the request never reaches the Rails controller.
Ruby on Rails
# config/initializers/rack_attack.rb
Rack::Attack.throttle('requests by ip', limit: 3, period: 10.seconds) do |request|
  request.ip
end

# Add a Retry-After header to throttled responses so clients know when to retry.
Rack::Attack.throttled_response_retry_after_header = true

# Current versions of the gem call this `throttled_responder` and pass the
# request; older versions named it `throttled_response` and passed the Rack env.
Rack::Attack.throttled_responder = lambda do |request|
  [429, { 'Content-Type' => 'text/plain' }, ["Rate limit exceeded. Try again later.\n"]]
end
Important Notes
Rate limits should be balanced to avoid blocking normal users; a login limit of a few attempts per minute per IP also catches offices and mobile carriers that share one address, so keep the window short and prefer a 429 over a long block.
Use Rack::Attack.throttled_responder (throttled_response in older versions) to customize the response when a limit is exceeded, and enable Rack::Attack.throttled_response_retry_after_header so well-behaved clients know when to retry.
Counters are kept in Rack::Attack.cache.store, which defaults to Rails.cache. With a per-process memory store each server process counts separately, so the effective limit is multiplied by the number of processes; use a shared store such as Redis or Memcached in production.
When the app runs behind a load balancer or reverse proxy, request.ip is derived from the X-Forwarded-For header. Make sure the proxy overwrites or appends that header itself; if client-supplied values are passed through, an attacker can pick a different "IP" per request and evade an IP-based limit.
For login endpoints, add a second rule keyed on the account (for example a normalized e-mail address from the request parameters) so that an attacker rotating source IPs is still limited per target account.
Test your limits by sending more requests than the limit in quick succession with curl, an API client like Postman, or browser DevTools, and confirm you get a 429 with a Retry-After header, then a normal response once the window has passed.
Summary
Rate limiting controls how often a client can make requests within a time window.
In Rails, Rack::Attack lets you declare limits per IP address, user, account or API key in a single initializer.
Return a clear 429 response with a Retry-After header when users hit limits, and back the counters with a shared cache store in production.