A lightweight request-rate limiter built with Spring Boot. It uses a Spring Security filter to intercept incoming requests, tracks request frequency per IP, and stores counters in Redis. The limiter blocks clients that exceed a configured threshold within a one-minute window.
- Intercepts requests via a Spring Security filter
- Tracks request counts per IP
- Uses Redis for fast in-memory storage
- Simple per-minute rate limiting
- Maven-based build
- Easy to configure through application properties
- Each request passes through a custom security filter.
- The filter identifies the client IP and increments its request counter in Redis.
- If the IP exceeds the
request-limit-per-minutevalue, the request is rejected. - Counters expire automatically after one minute.
application.yml example:
server:
port: 12345
spring:
data:
redis:
host: localhost
port: 6379
request-limit-per-minute: 5- Java 17+ (or your project’s target)
- Maven
- Redis server
-
Start Redis:
redis-server
-
Build the project:
mvn clean package
-
Run the application:
mvn spring-boot:run
- Filter layer: Handles request interception and rate checks
- Redis service: Manages counters and TTL
- Configuration: Exposes the per-minute limit as a property
You can adjust or extend:
- Different rate windows (e.g., per-second, per-hour)
- Keying strategies (API key, user ID, etc.)
- Enforcement behavior (headers, custom responses, logging)
MIT or your chosen license.