Rate limiting middleware for Express applications built on redis
npm install express-limiter --save
var express =var app =var client =var limiter = app client/*** you may also pass it an Express 4.0 `Router`** router = express.Router()* limiter = require('express-limiter')(router, client)*/app
Stringoptional route path to the request
Stringoptional http method. accepts
delete, and of course Express'
Function|String|Array.<String>value lookup on the request object. Can be a single value, array or function. See examples for common usages
Numberallowed number of requests before getting rate limited
Numberamount of time in
msbefore the rate-limited is reset
function(req)optional param allowing the ability to whitelist. return
falseto passthru to limiter.
Booleanwhether to skip sending HTTP headers for rate limits ()
Booleanwhether errors generated from redis should allow the middleware to call next(). Defaults to false.
Functioncalled when a request exceeds the configured rate limit.
// limit by IP address// or if you are behind a trusted proxy (like nginx)// by user (assuming a user is logged in with a valid id)// limit your entire app// limit users on same IP// whitelist user admins// skip sending HTTP limit headers// call a custom limit handler// with a function for dynamic-ness
as direct middleware
Happy Rate Limiting!