How to Rate Limit Route Requests in Laravel

Published: Dec 08, 2020 - Updated: Mar 16, 2022

According to Wikipedia, In computer networks, rate limiting is used to control the rate of requests sent or received by a network interface controller and is used to prevent DoS attacks. In this article, we are going to set rate limits in Laravel routes.

We can do it using Laravel throttle middleware. Let’s get started:

Table of Contents

  1. Basic Example
  2. Apply on Route Group
  3. Dynamic Rate Limit

Basic Example

Let’s set throttle middleware in a route:

Route::get('/user', function () {
    //
})->middleware('auth', 'throttle:20,1');

An authenticated user access route 20 times per minute. After crossing the limit the route will return 429 Too Many Requests.

Apply on Route Group

We can easily set rate limit in a group of routes:

Route::middleware('auth:api', 'throttle:20,1')->group(function () {
    Route::get('/user', function () {
        //
    });
});

Dynamic Rate Limit

We can set a dynamic rate limit variable instead of a hard-coded number of maximum requests:

Route::middleware('auth:api', 'throttle:rate_limit,1')->group(function () {
    Route::get('/user', function () {
        //
    });
});

The rate_limit is an attribute of a User model.