Rate limiting #12134
-
I have a Dynamic API Route that I'm planning to expose on the client and have taken steps to secure that as much as possible. One thing I'd like to know is if there's a way to do rate limiting on API Routes, or a solution someone has seen before that would work? The API Route hits a serverless database so it could get very expensive if a bad actor decides to hammer the endpoint. |
Beta Was this translation helpful? Give feedback.
Replies: 4 comments 10 replies
-
I'm not too familiar with rate limiting, but you could add a {
"source": "/api/route",
"headers": [
{
"key": "Cache-Control",
"value": "public, max-age=120, stale-while-revalidate=60"
}
]
} |
Beta Was this translation helpful? Give feedback.
-
If bad actors are your concern, I don't think a There isn't much information about your architecture but there's three points I see where you could add rate-limiting:
|
Beta Was this translation helpful? Give feedback.
-
Thanks for your replies, it's much appreciated. On top of the answers provided, it turns out this is a service that Cloudflare offer (https://www.cloudflare.com/rate-limiting/). I'm going to try this initially, otherwise I'll likely fall back to using some middleware. |
Beta Was this translation helpful? Give feedback.
-
Added an example for rate-limiting using |
Beta Was this translation helpful? Give feedback.
If bad actors are your concern, I don't think a
cache-control
header is going to stop them from hammering the endpoint.There isn't much information about your architecture but there's three points I see where you could add rate-limiting:
connect
middleware, you should be able to rate limit with one of the available rate-limiting middleware