var limiter = require('connect-ratelimit');
app = connect()
.use(limiter({
whitelist: ['127.0.0.1'],
blacklist: ['example.com']
}))
.use(function (req, res) {
res.end('Hello world!');
});
connect-ratelimit is connect middleware for limiting the number of requests per client ip/hostname to your node server.
When a limit is reached the middleware will cancel the middleware chain early
with res.end('Rate limit exceeded.')
or you can optionally check for a limit
exceeding yourself elsewhere down the chain.
Categories serve as configurable templates to manage different types of connecting clients. By default all clients are categorized as 'normal' but whitelist
and blacklist
categories also exist.
By default anyone uncategorized will be subject to 500 requests per hour.
By default client names in the whitelist will not have their requests limited.
By default client names in the blacklist will be subject to 0 requests per hours. In other words they will always be exceding the rate limit.
connect-ratelimit uses the following code to identify clients:
req.headers['x-forwarded-for'] || req.connection.remoteAddress
var limiter = require('connect-ratelimit');
The middleware takes an options object with the following parameters:
whitelist
: An array of strings representing clients you wish to apply to the whitelist category. eg.['127.0.0.1']
for local development.blacklist
: An array of strings representing clients you wish to apply to the blacklist category.end
: A boolean when set to false (default true) the connect chain will continue even if a client has exceeded the ratelimit. Theresponse
object is augmented with theratelimit
namespace.response.ratelimit
exposes an object which contains the various details about the client including if they have past their limit as well as all other recorded clients. This is useful if you wish to supply your own error response to the client or any other logic.categories
: An object representing the various total requests per time for each category type. See below.
The categories
property of the options object for the connect-limiter allows
you to specify different totalRequests
and every
for specific categories.
A fully configured value of the categories
property could like this:
{
whitelist: {
totalRequests: -1,
every: 60 * 60 * 1000
},
blacklist: {
totalRequests: 0,
every: 60 * 60 * 1000
},
normal: {
totalRequests: 500,
every: 60 * 60 * 1000
}
}
Setting totalRequests
to 0
is how to block requests from a category
entirely.
Setting totalRequests
to -1
is how to remove request limits from a category entirely.
Below is how you can switch from an hourly rate to a half-hourly rate for all categories but blacklist.
.use(limiter({
whitelist: ['dharmafly.com'],
categories: {
normal: {
every: (60 * 60 * 1000) / 2
},
whitelist: {
every: (60 * 60 * 1000) / 2
}
}
}))
You don't need to set every category, just the properties you want to change.
connect is required for the example to run.
npm install connect
To play with the example app run the command below and navigate to localhost:4000
node example.js