Rate Limiting
🚦 Rate Limiting Extension
Rate limiting helps you control how many requests a client can make in a given time window. This is essential for preventing abuse, brute-force attacks, and accidental overloads.
Zuno includes a built-in rate limiting extension that tracks requests per IP and blocks excessive usage.
⚙️ Enabling Rate Limiting
To enable rate limiting with default settings:

```cpp
app.use(rateLimit());
```

This will apply a sensible default policy (e.g. 100 requests per minute per IP).
🛠️ Custom Configuration
You can customize the rate limiting behavior by passing an options object:

```cpp
app.use(rateLimit({
    60000, // intervalMs: 1 minute
    100,   // max: requests per IP
}));
```

Available options:
| Option | Type | Description |
|---|---|---|
| `intervalMs` | int | Time window in milliseconds |
| `max` | int | Max number of requests allowed per window |
🧪 Example: Tighter Limits for Login Route
You can apply rate limiting to specific routes:

```cpp
app.post("/login", rateLimit({
    .intervalMs = 30000,
    .max = 5
}), [](Request& req, Response& res) {
    res.send("Login attempt");
});
```

This limits login attempts to 5 per 30 seconds per IP.
🔍 How It Works
- Each client (typically identified by IP) gets a counter
- The counter resets after the `intervalMs` period
- If the client exceeds `max`, Zuno returns an error response; `
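
How the per-client counter described above can behave, shown as an added example that is not Zuno's own code: a fixed-window limiter keyed by client address, run against the 5-per-30-seconds login policy. `FixedWindowLimiter`, `allow`, `allowedCount` and the documentation-range addresses are assumptions for illustration; only `intervalMs` and `max` come from the page.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <unordered_map>

// Added illustration, not Zuno's source. Only the option names mirror the
// page; the classes and functions below are hypothetical.
struct RateLimitOptions {
    std::int64_t intervalMs = 60000; // window length in milliseconds
    int max = 100;                   // allowed requests per window per client
};

class FixedWindowLimiter {
public:
    explicit FixedWindowLimiter(RateLimitOptions opts) : opts_(opts) {}
    // Returns true if the request is allowed. The caller supplies the clock
    // (nowMs) so window expiry is deterministic.
    bool allow(const std::string& clientKey, std::int64_t nowMs) {
        Window& w = windows_[clientKey];
        if (w.count == 0 || nowMs - w.startMs >= opts_.intervalMs) {
            w.startMs = nowMs; // first request, or window expired: reset
            w.count = 0;
        }
        if (w.count >= opts_.max) return false; // over the limit: reject
        ++w.count;
        return true;
    }
private:
    struct Window { std::int64_t startMs = 0; int count = 0; };
    RateLimitOptions opts_;
    std::unordered_map<std::string, Window> windows_;
};

// Returns how many of `attempts` requests, spaced `gapMs` apart, are allowed.
int allowedCount(FixedWindowLimiter& lim, const std::string& ip,
                 std::int64_t startMs, std::int64_t gapMs, int attempts) {
    int ok = 0;
    for (int i = 0; i < attempts; ++i)
        if (lim.allow(ip, startMs + i * gapMs)) ++ok;
    return ok;
}

int main() {
    // Constructed scenario: the /login policy from the page (5 per 30 s).
    FixedWindowLimiter lim(RateLimitOptions{30000, 5});
    std::printf("allowed: %d of 8\n", allowedCount(lim, "203.0.113.7", 0, 1000, 8));
    std::printf("after reset: %d\n", lim.allow("203.0.113.7", 30000));
}
```

The clock is passed in so window expiry can be checked without sleeping. In this sketch a rejected request neither increments the counter nor extends the window.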
🧭 Best Practices
- Use stricter limits on sensitive endpoints (e.g. `/login`, `/register`)
- Combine with authentication and logging for better visibility
- Return clear error messages to guide legitimate users
- Monitor rate-limited traffic to detect abuse patterns
🧭 Next Steps
Explore more extensions:
Zuno’s rate limiting extension helps you protect your app—without sacrificing performance or flexibility.