A powerful continuous rate limiting extension for retra
npm i retra-ratelimit
First, require the package.
const RateLimiter = require('retra-ratelimit')
// ... create your retra app ^
const rl = new RateLimiter({
// options
}, [
// rules
])
app.use(rl.extension)
// ... start server v
Rules are Objects. Properties of a rule:
time
required - How far back to look through the logs for matching requests. This is an array, which looks like this: [5, 'seconds'] or [6, 'minutes']
limit
required - How many requests to allow within this period of time
method
- Request method
pathname
- Request pathname. Can be a Regular Expression or a String.
blockMessage
- Message to respond with when blocking (as error property of JSON response)
Options:
cloudflare
- If enabled, uses the CF-Connecting-IP header to detect client IPs
blockMessage
- Message to respond with when blocking (used when no blockMessage is defined)
varyLimit
- If enabled, varies limit for rules per request by up to 2 requests, making it harder for attackers to detect ratelimiting rules
In the master process, don't start a server but create a RateLimiter.
When forking a worker, add it to the RateLimiter.
const worker = cluster.fork()
rl.addWorker(worker)
Inside of the worker, instruct the RateLimiter to defer ratelimiting logic to the parent process.
rl.deferToParent()
By disqualifying requests from rate limiting, legitimate requests may be allowed in unlimited quantity (e.g. successful login attempts).
req.disqualifyRL()
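To make the rule properties and request disqualification described above concrete, here is an added, stand-alone sketch of how a continuous (sliding-window) check over a request log can evaluate such rules. It is not retra-ratelimit's own code: SlidingLimiter, matches, UNIT_MS and the disqualify callback are hypothetical names, counting only admitted requests is an assumption, and the cloudflare and varyLimit options are not modelled.

```javascript
// Added illustration, not retra-ratelimit's source. SlidingLimiter, matches and
// UNIT_MS are hypothetical names; only the rule shape comes from the README.
const UNIT_MS = { seconds: 1000, minutes: 60000 }

// A rule applies when its optional method and pathname (String or RegExp) match.
function matches (rule, req) {
  if (rule.method && rule.method !== req.method) return false
  if (rule.pathname instanceof RegExp) return rule.pathname.test(req.pathname)
  return rule.pathname === undefined || rule.pathname === req.pathname
}

class SlidingLimiter {
  constructor (rules, options = {}) {
    this.rules = rules
    this.blockMessage = options.blockMessage || 'Rate limited'
    this.log = [] // counted requests: { ip, method, pathname, at, disqualified }
    this.maxWindow = Math.max(...rules.map(r => r.time[0] * UNIT_MS[r.time[1]]))
  }

  // `now` is a millisecond timestamp, passed in so the logic is deterministic.
  check (req, now) {
    // Drop entries older than the longest window so the log cannot grow unbounded.
    this.log = this.log.filter(e => now - e.at < this.maxWindow)
    for (const rule of this.rules) {
      if (!matches(rule, req)) continue
      const windowMs = rule.time[0] * UNIT_MS[rule.time[1]]
      const seen = this.log.filter(e => e.ip === req.ip && !e.disqualified &&
        now - e.at < windowMs && matches(rule, e)).length
      if (seen >= rule.limit) {
        return { allowed: false, error: rule.blockMessage || this.blockMessage }
      }
    }
    const entry = { ...req, at: now, disqualified: false }
    this.log.push(entry)
    // Assumed equivalent of req.disqualifyRL(): stop counting this request.
    return { allowed: true, disqualify: () => { entry.disqualified = true } }
  }
}

// Constructed scenario: at most 3 POST /login per 5 seconds per client IP.
function demo (disqualifySuccess) {
  const rl = new SlidingLimiter([{ time: [5, 'seconds'], limit: 3,
    method: 'POST', pathname: '/login', blockMessage: 'Too many attempts' }])
  const req = { ip: '203.0.113.7', method: 'POST', pathname: '/login' }
  return [0, 1000, 2000, 3000, 5000].map(t => {
    const r = rl.check(req, t)
    if (r.allowed && disqualifySuccess) r.disqualify()
    return r.allowed
  })
}
```

demo(false) blocks the fourth attempt and admits a request again once the oldest one has left the 5-second window. demo(true) never blocks, because every admitted request is disqualified, which is why disqualification should be reserved for requests already known to be legitimate.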