How to use rate limiting in Laravel

November 3, 2022

Categorized as Laravel

It is almost always a better idea not to use IP as part of rate limiting in Laravel. The main reason for that it can be easily changed with proxies and VPNs.

Did you know that there is an elegant syntax for multiple rate limiters in Laravel? Here they are:

RateLimiter::for('login', function (Request $request) {
    return [
        Limit::perMinute(500),
        Limit::perMinute(5)->by($request->ip()),
        Limit::perMinute(5)->by($request->input('email')),
    ];
});

This code will not help when dealing with DDOS attacks, though. However, it can stop some malicious brute force attempts, just remember – each group of people behind a corporate proxy will appear as a single IP address to your web application.

Still, your best bet would be Cloudflare’s WAF with advanced threat detection.

29 Best Laravel Tutorials and Resources for… Laravel is a free, open-source PHP web framework created by Taylor Otwell. It has expressive, elegant syntax and takes the…
Best three ways to lower server requests with… One of the first questions they have for people who get started with Livewire is why there are so many…
How to change default validation messages in Laravel Sometimes you need to change the default text of validation error messages returned when data validation fails. Fortunately, with form…

How to use rate limiting in Laravel

Related posts

Leave a reply