Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Rate Limiting does not happen for particular IP address

See original GitHub issue

Limits = 40/day Once 40 requests are served irrespective of the IP Addresses, It redirects to the 429 view. So even the visitor whose visiting the site for the first time, is redirected to 429. Can we have rate limiting for every IP address?

var RateLimiter = require('limiter').RateLimiter;
var limiter = new RateLimiter(40, 'day', true);  // fire CB immediately

app.use(function (req, res, next) {
  if ((req.headers["user-agent"].indexOf("Googlebot") != -1) || req.url == "/429")
    next();
  else
    limiter.removeTokens(1, function(err, remainingRequests) {
      if (remainingRequests < 0) {
        res.redirect('/429');
      } else {
        next();
      }
    });
});

Issue Analytics

State:
Created 10 years ago
Comments:8 (2 by maintainers)

Top GitHub Comments

1reaction

eirikfrocommented, Mar 14, 2014

I followed your advice and combined your limiter with the node-cache:

var RateLimiter = require('limiter').RateLimiter;
var cache = require('memory-cache');

exports.isLimited = function(req, res, next) {
    if (cache.get(req.ip)){
        var cachedLimiter = cache.get(req.ip); 
        if (cachedLimiter.getTokensRemaining()>1){
            cachedLimiter.removeTokens(1, function(){});
            cache.put(req.ip, cachedLimiter, 10000);
            return next();
        }
        res.send("too many requests from your ip!");
    }
    else {var cachedLimiter = new RateLimiter(500, 'hour'); cache.put(req.ip, cachedLimiter, 10000); return next();}
}

Now specific requests can be limited on a per-IP basis from the express-app like this:

var limiter = require('./controllers/limiter');
app.get('/isEmailAvailable/:email', limiter.isLimited, userController.isEmailAvaliable);

Just if anyone would come across this issue in the future! 😃

0reactions

boboci9commented, Sep 14, 2015

Hi guys thanks for the answers, my calls are actually API calls so my while cycle is calling API calls, I thought that should work. I will try it with the tryRemoveTokens, but my gratest issue was that if I set a rate of 10 calls per hour everything worked after the 10th it stopped but if I set 10 calls per second than are the issues presenting and it will let me call all the 30 API calls that I have in the while.