aporat/laravel-rate-limiter
Laravel Rate Limiter
A flexible rate limiting middleware for Laravel applications, designed to throttle requests and actions using Redis.
Features
- Configurable rate limits per hour, minute, and second.
- Flexible limiting by IP, user ID, request method, and custom tags.
- IP blocking for abuse prevention.
- Optional rate limit headers in responses.
- Redis-backed storage for scalability.
Requirements
- PHP: 8.4 or higher
- Laravel: 12.x or 13.x
- Redis: Required for storage (ext-redis extension)
- Composer: Required for installation
Installation
Install the package via Composer:
composer require aporat/laravel-rate-limiter
The service provider (RateLimiterServiceProvider) is automatically registered via Laravel’s package discovery. If auto-discovery is disabled, add it to config/app.php:
'providers' => [
// ...
Aporat\RateLimiter\Laravel\RateLimiterServiceProvider::class,
],
Optionally, register the facade for cleaner syntax:
'aliases' => [
// ...
'RateLimiter' => \Aporat\RateLimiter\Facades\RateLimiter::class,
],
Publish the configuration file:
php artisan vendor:publish --provider="Aporat\RateLimiter\Laravel\RateLimiterServiceProvider" --tag="config"
This copies rate-limiter.php to your config/ directory.
Configuration
Edit config/rate-limiter.php to adjust limits and Redis settings:
return [
'limits' => [
'hourly' => 3000,
'minute' => 60,
'second' => 10,
],
'log_errors' => true, // Set to false to disable logging of rate limit violations
'redis' => [
'host' => env('RATE_LIMITER_REDIS_HOST', '127.0.0.1'),
'port' => env('RATE_LIMITER_REDIS_PORT', 6379),
'database' => env('RATE_LIMITER_REDIS_DB', 0),
'prefix' => env('RATE_LIMITER_REDIS_PREFIX', 'rate-limiter:'),
],
];
Add these to your .env file if needed:
RATE_LIMITER_REDIS_HOST=127.0.0.1
RATE_LIMITER_REDIS_PORT=6379
RATE_LIMITER_REDIS_DB=0
RATE_LIMITER_REDIS_PREFIX=rate-limiter:
Usage
Middleware
Apply rate limiting globally by registering the middleware in app/Http/Kernel.php:
protected $middleware = [
// ...
\Aporat\RateLimiter\Laravel\Middleware\RateLimit::class,
];
Or apply it to specific routes:
Route::get('/api/test', function () {
return 'Hello World';
})->middleware('Aporat\RateLimiter\Laravel\Middleware\RateLimit');
The middleware uses the configured limits (hourly, minute, second) and exempts IPs starting with 10.0..
Manual Rate Limiting
Use the RateLimiter facade for custom limiting:
use Aporat\RateLimiter\Laravel\Facades\RateLimiter;
Route::post('/submit', function (Request $request) {
RateLimiter::create($request)
->withUserId(auth()->id() ?? 'guest')
->withName('form_submission')
->withTimeInterval(3600)
->limit(5); // 5 submissions per hour
return 'Submitted!';
});
IP Blocking
Block an IP manually:
RateLimiter::blockIpAddress('192.168.1.1', 86400); // Block for 24 hours
Check if an IP is blocked:
if (RateLimiter::isIpAddressBlocked()) {
abort(403, 'Your IP is blocked.');
}
Rate Limit Headers
Add headers to responses:
$response = new Response('OK');
RateLimiter::create($request)
->withResponse($response)
->withRateLimitHeaders()
->limit(100);
return $response; // Includes X-Rate-Limit-Limit and X-Rate-Limit-Remaining
Testing
Run the test suite:
composer test
Generate coverage reports:
composer test-coverage
Contributing
Contributions are welcome! Please:
- Fork the repository.
- Create a feature branch (
git checkout -b feature/new-feature). - Commit your changes (
git commit -m "Add new feature"). - Push to the branch (
git push origin feature/new-feature). - Open a pull request.
Report issues at GitHub Issues.
License
This package is licensed under the MIT License. See the License File for details.
Support
- Issues: GitHub Issues
- Source: GitHub Repository