Rate Limiter is one of the important aspects used in the laravel eCommerce system. Today, We are going to start the discussion on the Laravel rate limiter.
What is Laravel Rate Limiter ?
Laravel includes a simple to use rate limiting abstraction which, in conjunction with your application’s cache, provides an easy way to limit any action during a specified window of time. The rate limiter controls the number of requests at a time. It can efficiently block malicious bots.
As a backend developers, we need to make our web application full proof we need to make sure our application is running as efficiently as possible all the time.
Rate Limiting Middleware :
Rate limiting middleware is a software component used to control the rate of requests made to a web application or API. It is designed to prevent resource overuse, and abuse of the API, or ensure fair usage for all users. This type of middleware is added to the pipeline of an application.
|
2 3 4 5 6 7 |
<?php Route::middleware(['throttle:30,1'])->group(function () { Route::get('/categorys', [CategoryController::class, 'index']); Route::get('/categorys/{id}', [CategoryController::class, 'show']); Route::post('/categorys', [CategoryController::class, 'store']); }); |
As you can see, you just need to pass a string containing protect: followed by the name of the rate limiter you have defined. Here 30 is number of requests you can make in 1 minute. The throttle middleware is made to protect routes against excessive reception of too many HTTP requests and restricting them once a limit has been reached.
For these routes, If the rate limit is reached, the application will return an “Error – 429, Too Many Requests” response instead of the expected response
What is throttle ?
Laravel utilizes throttle middleware to limit the amount of traffic for a given route or gather of routes. The throttle middleware accepts two parameters that decide the maximum number of requests that can be made in a given number of minutes.
Note:- If your application has an API using the api-middleware group, by default throttle:api middleware is applied to these routes, as defined by the $middlewareGroups[‘api’] property of your App\Http\Kernel class is defined in So you have to define a rate limiter named API or remove it from the group.
Create Custom Rate Limiter:
There is now a new way to create custom rate limiters in Laravel 10.
We can define our custom rate limiter in any service provider, usually it should be in root service provider.
To use the rate limiter in Laravel, you first need to define a rate limiter in your application. You can do this in the boot method of the App\Providers\RouteServiceProvider class: ConfigureRateLimiting()
|
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 |
<?php namespace App\Providers; use Illuminate\Cache\RateLimiting\Limit; use Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider; use Illuminate\Support\Facades\RateLimiter; class RouteServiceProvider extends ServiceProvider { public function boot(): void { $this->ConfigureRateLimiting(); $this->routes(function () { RateLimiterFacade::for('Example', function (RateLimiter $limiter) { $limiter->limit(60)->perMinute(); // limit 60 requests per minute }); }); } /** * Configure the rate limiters for the application. */ protected function ConfigureRateLimiting(): void { RateLimiter::for('Example', function (Request $request) { $limiter->limit(100)->perMinute(); }); } } |
• Rate limiters are defined using the RateLimiter facade’s for method. The for method accepts a rate limiter name and a Closure that returns the limit configuration that should apply to routes that are assigned this rate limiter
In the above example, we have defined a rate limiter called Example which limits access to the routes associated with it to 100 requests per minute.
You can create as many configurations as you want, with the names you want.
Once you defined your rate limiters, you can apply them to routes you want to rate limit using the throttle middleware, as follows:
|
2 3 4 |
Route::middleware('throttle:Example')->get('/user', function(){ Route::get('/index', [DashboardController::class, 'index']); }); |
With this code, any requests to your API routes will be rate-limited based on the example limiter that you defined earlier.
You can also customize the rate limiter to suit your needs by adjusting the limit and time period. For example, if you want to limit requests to 10 per minute, you can use:
|
2 |
$limiter->limit(10)->perMinute(); |
However, Ratelimiter is not just for use with throttle middleware, you can also use it in a more advanced way in your controllers, for example. I invite you to take a look at the documentation to learn more about this.
For further reading see the Laravel 10 Docs Rate Limiting.
Thanks for reading this blog. Please comment below if you have any question. Also you can hire laravel developers for your custom laravel projects. kindly explore our extensions.
Be the first to comment.