express-custom-limiter v1.0.0-a2

Express Custom Limiter

Basic rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset.

Plays nice with express-slow-down.

Note: this module does not share state with other processes/servers by default. If you need a more robust solution, I recommend using an external store:

Alternate Rate-limiters

This module was designed to only handle the basics and didn't even support external stores initially. These other options all are excellent pieces of software and may be more appropriate for some situations:

• rate-limiter-flexible
• express-brute
• rate-limiter

Install

$ npm install --save express-custom-limiter

Usage

For a "regular" web server (e.g. anything that uses express.static()), where the rate-limiter should only apply to certain requests:

const ECL = require("express-custom-limiter");

// Enable if you're behind a reverse proxy (Heroku, Bluemix, AWS ELB, Nginx, etc)
// see https://expressjs.com/en/guide/behind-proxies.html
// app.set('trust proxy', 1);

const customLimiter = ECL({
  windowMs: 60 * 1000, // 1 minute (can be set higher if needed - this is in miliseconds)
  max: 5, // maximum request sent before ratelimited.
  limiterPage: "index" // Optional of what page you want to render, if you wish to use pages from folders do /foldername/pagename
});
app.use("/api/", customLimiter);

Credits:

• Original Source Developer: nfriedly express-rate-limit
• Modified By Mr. Cerberus express-custom-limiter