Rate limiting allows you to limit the number of requests a user or client can make to your server or specific uri within a specific time period. Implementing rate limiting helps mitigate brute force attacks and system overload.
When you install Devflow, the rate limiting middleware is activated on the login route. Currently it is set at 10 max attempts within a 10 minute timespan:
return [
'max_attempts' => 10,
'ttl' => 600,
];This above code can be found in your ./config/throttle.php config file. If there are 10 request attempts within a 10 minute timespan, then that user/client will be blocked for 10 minutes.
Let's say that you wanted the block to be 24 hours instead of just 10 minutes. Then you would adjust the ttl to 86400 seconds:
return [
'max_attempts' => 10,
'ttl' => 86400,
];Now, if a user or client has made 10 requests within a 24 hour period, that user/client will be blocked for 24 hours. Of course you can adjust max_attempts as well as ttl according to your needs.
Join the conversation.
Have questions, feedback, or ideas? Leave a comment below.