I am trying to set API rate limit on my app using express-rate-limit. It works if it is from the same IP address. I have an error message once it reaches a max of 5. However, it fails when it is tried from different IP address/computer. Any idea how I can fix this? I tried using 127.0.0.1 to generate a key regardless of which IP address but that failed as well.
Below is my code:

// Rate Limit
var RateLimit = require('express-rate-limit');
app.enable('trust proxy'); // behind a proxy, so req.ip comes from X-Forwarded-For
var limiter = new RateLimit({
  windowMs: 365 * 24 * 60 * 60 * 1000, // 1 year
  max: 5, // limit each IP to 5 requests per windowMs
  delayMs: 365 * 24 * 60 * 60 * 1000, // delaying - 365 days until the max limit is reached
  message: "Sorry, the maximum limit of 50 letters sent has been reached. Thank you for participating!",
  keyGenerator: function (req) {
    // overwrite the client address so every request shares the same key
    req.ip = "127.0.0.1";
    // req.ip = "ip address";
    return req.ip;
  }
});
app.use('/api/letter', limiter);
The memory store implementation used by express-rate-limit uses setTimeout() to clear the store after windowMs milliseconds.

According to the Node.js documentation for setTimeout():

When delay is larger than 2147483647 or less than 1, the delay will be set to 1.

In your case, the delay is larger than that amount, namely 31536000000 milliseconds. This results in the store never storing any data for more than 1ms.

To solve this, you probably have to implement your own store (see the store option), or perhaps look for an alternative rate limiter that doesn't have this limit (it seems to me that with such large expiry times, you'll need some sort of persistent storage anyway).
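An added example of the "implement your own store" route described in the answer; it is not code from the question, the answer, or the express-rate-limit project. It expires entries by comparing timestamps on each access instead of arming one setTimeout() per window, so a one-year windowMs is honoured rather than clamped to 1 ms. The method names (incr/decrement/resetKey/resetAll) are my assumption of the legacy store contract and should be checked against the version in use; the injectable `now` clock exists only so the expiry logic can be exercised without waiting.

```javascript
// Largest delay Node's setTimeout() honours; anything above it is set to 1 ms.
const MAX_TIMEOUT_MS = 2147483647;

class TimestampStore {
  // windowMs: length of the rate-limit window; now: clock function (assumption, for testing)
  constructor(windowMs, now = () => Date.now()) {
    this.windowMs = windowMs;
    this.now = now;
    this.hits = new Map(); // key -> { count, resetTime }
  }

  // Return the live entry for key, discarding it first if its window has elapsed.
  _live(key) {
    const entry = this.hits.get(key);
    if (entry && entry.resetTime <= this.now()) {
      this.hits.delete(key);
      return undefined;
    }
    return entry;
  }

  // Assumed legacy contract: incr(key, cb) with cb(err, hitCount, resetTime)
  incr(key, cb) {
    let entry = this._live(key);
    if (!entry) {
      entry = { count: 0, resetTime: this.now() + this.windowMs };
      this.hits.set(key, entry);
    }
    entry.count += 1;
    cb(null, entry.count, new Date(entry.resetTime));
  }

  decrement(key) {
    const entry = this._live(key);
    if (entry && entry.count > 0) entry.count -= 1;
  }

  resetKey(key) { this.hits.delete(key); }
  resetAll() { this.hits.clear(); }
}

// Usage with the limiter from the question (windowMs may exceed MAX_TIMEOUT_MS safely):
// var limiter = new RateLimit({ windowMs: ONE_YEAR, max: 5, store: new TimestampStore(ONE_YEAR) });
```

Because nothing is persisted, a process restart still forgets every count; for a one-year window the answer's point about persistent storage applies.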