Laravel Question posted in
The official Laravel Documentation can be found here.

Laravel throttle, RateLimiter vs ThrottleRequests, when to use which?

I need to rate limiting for my REST API. Currently I just need rate limit based on the URL prefix, e.g. url with tps/xxx will need a rate limit for 10 times in 1 minute. I may need to add more rules later.

I see laravel document explain RateLimiter but I also see it mentions ThrottleRequests middleware. After further checking the source codes I see ThrottleRequests Constructor injection RateLimiter

    /**
     * Create a new request throttler.
     *
     * @param  IlluminateCacheRateLimiter  $limiter
     * @return void
     */
    public function __construct(RateLimiter $limiter)
    {
        $this->limiter = $limiter;
    }

But it is still unclear to me these two classes’s use case and when to use which ?

For my use case based on url prefix, which one should I use ?

Tags:

2

Answers


  1. 0

    When working with Laravel, understanding the difference between throttle, RateLimiter, and ThrottleRequests is crucial for effective rate limiting in your application.

    Throttle:

    The throttle middleware is a general-purpose middleware that you can use to throttle various aspects of your application.
    It allows you to set the maximum number of requests that can be made in a given time period.
    You can use it in your routes or controllers to limit the rate at which users can access certain resources.

    Route::middleware('throttle:60,1')->group(function () {
    // Your routes
});

    In this example, it allows 60 requests per minute.

    RateLimiter:

    Rate limiting is critical for protecting app or website resources from excessive or improper use. Whether a result of malicious human intervention, bot-based attacks, or an overlooked vulnerability, resource misuse can interfere with legitimate access to your application and introduce severe vulnerabilities.
    Laravel’s RateLimiter is a more low-level tool that allows you to manage rate limiting programmatically.
    It provides a set of methods to manage and check the rate limits.
    Example:

    $key = 'user:' . $user->id;
$limiter = app(RateLimiter::class);

if ($limiter->tooManyAttempts($key, $maxAttempts, $decayMinutes)) {
    // Handle rate limit exceeded
} else {
    $limiter->hit($key, $decayMinutes);
    // Continue with the action
}

    This allows you to have fine-grained control over rate limiting logic.
    ThrottleRequests:
    ThrottleRequests is a trait that you can use in your controllers to apply rate limiting on specific controller actions.
    It provides an easy way to apply rate limiting to specific methods within your controllers.

    This is useful when you want to apply rate limiting only to specific actions.

    Use the throttle middleware when you want a quick and easy way to apply rate limiting to your routes.
    Use RateLimiter when you need more control over rate limiting and want to manage it programmatically.
    Use ThrottleRequests when you want to apply rate limiting specifically to certain methods within your controllers.

    Login or Signup to reply.
  2. 0

    RateLimiter:

    RateLimiter is used for complex scenarios that requires custom logics for calculating limits and handling responses. Like if you need to limit new users 10 requests per day while regular users 50 requests per day. You can even limit based on suspicious activity like too many downloads in short time. You can do all the stuff with complex custom rules or you can create your own custom logics using RateLimiter. It’s flexible, but takes time and effort.

    ThrottleRequests:

    Throttle is easier to use with pre-built middleware and route annotations for common rate limiting scenarios. For url limits, you should use throttle. It handles basic website traffic flow quickly and simply.

    // Define routes with the specific prefix
Route::prefix('tps')
->group(function () {
    Route::get('/xxx', function () {
        // ...
    })->middleware('throttle:10,1'); // 10 requests per minute for routes under /tps/xxx
    // Other routes within the prefix
});
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search