Express middleware for mitigating brute-force attacks
A simple and standalone middleware for express routes which attempts to mitigate brute-force attacks. It works by increasing the delay with each failed request using a Fibonacci formula. Requests are tracking via IP address and can be white-listed or reset on demand. All logged addresses are stored locally in an object and dormant addresses are removed automatically. Error messages are also completely customizable. This project is based on express-brute created by Adam Pflug.
$ npm install express-bouncer
// Creates a new instance of our bouncer (args optional)var bouncer = require "express-bouncer"500 900000;// Add white-listed addresses (optional)bouncerwhitelistpush "127.0.0.1";// In case we want to supply our own error (optional)ressend 429 "Too many requests have been made, " +"please wait " + remaining / 1000 + " seconds";;// Route we wish to protect with bouncer middlewareapppost "/login" bouncerblockif LoginFailed// Login failedelsebouncerreset req;// Login succeeded;// Clear all logged addresses// (Usually never really used)bounceraddresses = ;
express-bouncer min max free