express-io-limit v1.0.1

Express IO Limit

Basic rate-limiting middleware for Express. Use to limit repeated requests to public APIs and/or endpoints such as password reset.

Plays nice with express-slow-down.

Note: this module does not share state with other processes/servers by default. If you need a more robust solution, I recommend using an external store:

Alternate Rate-limiters

This module was designed to only handle the basics and didn't even support external stores initially. These other options all are excellent pieces of software and may be more appropriate for some situations:

• rate-limiter-flexible
• express-brute
• rate-limiter

Install

$ npm install --save express-io-limit

Usage

For a "regular" web server (e.g. anything that uses express.static()), where the rate-limiter should only apply to certain requests:

const rateLimit = require("express-io-limit");

// Enable if you're behind a reverse proxy (Heroku, Bluemix, AWS ELB, Nginx, etc)
// see https://expressjs.com/en/guide/behind-proxies.html
// app.set('trust proxy', 1);

const apiLimiter = rateLimit({
  windowMs: 15 * 60 * 1000, // 15 minutes
  max: 100
});
app.use("/api/", apiLimiter);