How To Create A Rate Limiter Module In Laravel

Rate limiter module in Laravel:

Step 1: Create a Rate Limiter Middleware Create a middleware class called RateLimiterMiddleware that will intercept incoming requests and apply the rate limiting rules. Here’s an example:


namespace App\Http\Middleware;

use Closure;
use Illuminate\Cache\RateLimiter;

class RateLimiterMiddleware
    protected $limiter;

    public function __construct(RateLimiter $limiter)
        $this->limiter = $limiter;

    public function handle($request, Closure $next)
        $key = $this->resolveRequestKey($request);
        $maxAttempts = 60; // Maximum number of requests allowed per minute
        $decaySeconds = 60; // Time window for the rate limiter in seconds

        if ($this->limiter->tooManyAttempts($key, $maxAttempts)) {
            return response('Too Many Requests', 429);

        $this->limiter->hit($key, $decaySeconds);

        return $next($request);

    protected function resolveRequestKey($request)
        return $request->ip(); // Use the client's IP address as the rate limiter key

In this example, the RateLimiterMiddleware class uses Laravel’s built-in RateLimiter class to handle rate limiting. The handle method checks if the request has exceeded the maximum number of attempts within the defined time window. If so, a 429 Too Many Requests response is returned. Otherwise, the request is allowed to proceed, and the hit is recorded using the hit method.

Step 2: Register the Rate Limiter Middleware In your Laravel application, register the RateLimiterMiddleware in the middleware stack. Open the app/Http/Kernel.php file and add the middleware to the $middleware property or a specific route group. Here’s an example:

					protected $middleware = [
    // Other middleware...

In this example, the RateLimiterMiddleware is added to the $middleware array, ensuring that it applies to all incoming requests. You can also add it to a specific route group or middleware group based on your requirements.

Step 3: Customize the Rate Limiting Rules You can modify the $maxAttempts and $decaySeconds variables in the RateLimiterMiddleware class to adjust the rate limiting rules. The $maxAttempts variable defines the maximum number of requests allowed per minute, and the $decaySeconds variable specifies the time window for the rate limiter in seconds.

Please note that this is a basic example of a rate limiter module in Laravel, and you may need to customize it further based on your specific requirements, such as applying rate limiting to specific routes or user roles, using a different rate limiter implementation, or customizing the response returned when the rate limit is exceeded.