Laravel API exclude 1 ip address from rate limiting

On a Laravel API I've set rate limits using the default middleware for throttling:

Route::group(['prefix' => 'products'], function() {
    Route::get('/', ['as' => 'products.index', 'uses' => 'CustomerProductController@index'])->middleware('throttle:60,1');
    Route::get('/{product}', ['as' => 'products.show', 'uses' => 'CustomerProductController@show'])->middleware('throttle:50,1');
});

Now I need to make my own middleware to exclude 1 IP address from throttling. But somehow I can only find suggestions on doing things the other way around, e.g. throttling a group of IP addresses.

Can someone give me a nudge in the right direction?

MartijnICU asked Jun 17 '20 08:06



1 Answer

Here's a short overview of what I would do.

Step 1

Create a new middleware i.e. ThrottleRequestsWithIp

php artisan make:middleware ThrottleRequestsWithIp

Step 2

Let it extend the original throttle middleware class \Illuminate\Routing\Middleware\ThrottleRequests.

If you want to take a look at the original framework middleware you can find it under /vendor/laravel/framework/src/Illuminate/Routing/Middleware/ThrottleRequests.php

Overwrite the handle method to check for the IP address and call the parent method if it's not found.

This is what your App\Http\Middleware\ThrottleRequestsWithIp could look like:

<?php

namespace App\Http\Middleware;

use Closure;

class ThrottleRequestsWithIp extends \Illuminate\Routing\Middleware\ThrottleRequests
{
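    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @param  int|string  $maxAttempts
     * @param  float|int  $decayMinutes
     * @param  string  $prefix
     * @return mixed
     */
    public function handle($request, Closure $next, $maxAttempts = 60, $decayMinutes = 1, $prefix = '')
    {
        // Skip throttling entirely for the one exempt IP address.
        if ($request->ip() === "192.168.10.2") {
            return $next($request);
        }

        // Every other client goes through the framework's normal throttle logic.
        return parent::handle($request, $next, $maxAttempts, $decayMinutes, $prefix);
    }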
}

Step 3

Register your new middleware in Kernel.php, for example

'throttleIp' => \App\Http\Middleware\ThrottleRequestsWithIp::class

Step 4

Use it in your routes like this

Route::get('/', [
    'as' => 'products.index', 
    'uses' => 'CustomerProductController@index'
])->middleware('throttleIp:60,1');
wschopohl answered Nov 14 '22 21:11
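A variation on the answer's middleware, added here as an example and not part of wschopohl's answer: the exempt addresses come from configuration instead of a hard-coded string, and CIDR ranges are matched with Symfony's IpUtils::checkIp (shipped with Laravel's HTTP foundation dependency). The class name ThrottleRequestsExceptAllowlist and the config key throttle.exempt_ips are assumptions.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Routing\Middleware\ThrottleRequests;
use Symfony\Component\HttpFoundation\IpUtils;

class ThrottleRequestsExceptAllowlist extends ThrottleRequests
{
    /**
     * Skip throttling for allowlisted client addresses; throttle everyone else.
     * The signature mirrors the handle() override shown in the answer.
     */
    public function handle($request, Closure $next, $maxAttempts = 60, $decayMinutes = 1, $prefix = '')
    {
        // Hypothetical config key, e.g. a config/throttle.php returning
        // ['exempt_ips' => ['192.168.10.2', '10.20.0.0/24']] (the second entry
        // is a constructed sample). A missing key means nobody is exempt.
        $exempt = array_filter((array) config('throttle.exempt_ips', []), 'is_string');

        // $request->ip() honours X-Forwarded-For only when the connecting peer
        // is a configured trusted proxy. Trusting every proxy makes this value
        // client-controlled; trusting none behind a load balancer makes it the
        // balancer's address, so never put the balancer itself on the allowlist.
        $clientIp = $request->ip();

        // checkIp() accepts single addresses and CIDR ranges, IPv4 or IPv6.
        if ($clientIp !== null && $exempt !== [] && IpUtils::checkIp($clientIp, $exempt)) {
            return $next($request);
        }

        // Default path: the framework's normal rate limiting applies.
        return parent::handle($request, $next, $maxAttempts, $decayMinutes, $prefix);
    }
}
```

Register it under its own alias in Kernel.php as in Step 3 and attach it to routes the same way as in Step 4.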