How to Evaluate Express Limit Apps

Rate limiting is a policy you can use to control traffic on a network. It limits the number of requests a user can make in a specific time frame.

There are various rate limiting algorithms, each with its own tradeoffs. A simple and popular method is to track the IP addresses of requests and check the time that elapses between requests. The system can then deny a request if its IP address exceeds the number of requests allowed by the limit.

This approach to rate limiting is easy to integrate into a NodeJS-Express application, in just a few steps.

Step 1: Set up a development environment

First, you will need to create and initialize an Express application.

Start by creating a project directory by running:

mkdir express-app

Then enter this directory by running:

cd express-app

Next, initialize npm, the node package manager, and create a package.json file in your application by running:

npm init -y

The -y flag will create your package.json file with all default settings.

Then you will need to install some dependencies. The required dependencies for this tutorial are:

  • ExpressJS: ExpressJS is a NodeJS framework that provides a robust set of features for web and mobile applications. It simplifies the process of building backend applications with NodeJS.
  • Express Rate Limit: Express Rate Limit is a rate limiting middleware for ExpressJS. It limits repeated requests to public APIs and/or endpoints, such as password resets, user logins, etc.

Install the required dependencies by running:

npm install express express-rate-limit

Step 2: Create an express app

You will need to create a basic Express server that listens to requests made to your application.

First, create a index.js file in the root directory of your project. This will be the entry file for your application.

Then add the following code to your index.js case:

const express = require("express");
const app = express();
const port = process.env.PORT || 3000

app.listen(port, () => {
console.log(`App running on port ${port}`);

This code matters Express and creates an Express application by calling express() and storing its return value in the application variable. It then listens for traffic on the port 3000 by calling the Listen method on the application object.

Step 3: Create Routing Handlers

Next, create route handlers on which you can implement the rate limiting solution.

Start by creating a folder, routes, in your project’s root directory by running:

mkdir routes

Create a folder, routes.jsin your routes folder and add the following code:

const express = require("express");
const router = express.Router();

router.get("/", (req, res) => {
res.send({ message: "Hello, this is a GET request" });
});"/add-demo", (req, res) => {
res.status(201).send({ message: "Resource created successfully" });

router.put("/update-demo", (req, res) => {
res.status(201).send({ message: "Resource updated sucessfully" });

module.exports = router;

This code matters Expresscall him Router method on Expressand stores the value in a variable, router. The Router allows you to create modular and mountable routing handlers. You can create route handlers for a OBTAIN ask “/“, a PUBLISH ask “/add-demo“, and one PUT ask “/update-demo”. Finally, export the router variable.

Then import the router variables in your index.js case:

const routes = require("./routes/routes");

Then use it as middleware in your index.js file:


Make sure to place the code block above before the app.listen call.

Step 4: Implement Rate Limiting

First, create a “middleware” in the root directory of your project by running:

mkdir middleware

Then create a file called “rate-limiter.js” in the middleware directory. Add the following code to this file:

const rateLimiter = require("express-rate-limit");

const limiter = rateLimiter({
max: 5,
windowMS: 10000,
message: "You can't make any more requests at the moment. Try again later",

module.exports = limiter

The rateLimiter The function takes a configuration object with the conditions to limit the number of requests.

The properties of the configuration object above are:

  • maximum: This property should always be a Number or a function that returns a number. It represents the maximum number of requests a user can make within a specified time. If this property is not defined in the configuration object, its default value is 5.
  • windowsMS: This property must always be a number. It represents the time in which multiple requests are allowed in milliseconds. If this property is not set in the configuration object, it defaults to 60,000 milliseconds (one minute).
  • message: This property can be a string of characters, a JSON object, or any other value supported by Express’s response.send method. If this property is not set in the configuration object, it defaults to “Too many requests.” Please try again later.”

The function will then check for repeated requests to your application. If a user exceeds the limit (maximum5) on time (windowMS, 10s), it will block the request. It will also throw a “Too Many Requests” error with a status code of 429.

Finally, import the limiter function into your index.js file and apply it as global middleware in your application. Do this by placing app.use(limiter) above the routes middleware. This applies the rate limiting solution to all routes in your application.


Rate-limited specific routes

You can also apply rate limiting to specific routes. You can configure them separately to reject requests made in a different time frame, show a different message, etc.

For example, suppose you implement a user login route in your application. You may need to add a rate limiting configuration for the connection route that differs from the configuration used by the other routes.

First, you will need to remove limiter as application-level middleware and enforce it because there is no built-in middleware filtering system in ExpressJS. So even if you add a specific rate limiting solution to a route, the global middleware will still work on that route.

Next, create a new rate limiting configuration in your rate-limiter.js file and export it.

const signInLimiter = rateLimiter({
max: 3,
windowMS: 10000,
message: "Too many sign-in attempts. Try again later."

module.exports = {

The signInLimiter the configuration object has a number different from maximum queries and an error message different from the general rate limiter.

Finally, update your router.js file with the code block below:

const express = require("express");
const router = express.Router();
const {limiter, signInLimiter} = require("../middleware/rate-limiter")

router.get("/sign-in", signInLimiter, (req, res, next) => {
res.send({ message: "Hello, this is a GET request" });

router.use(limiter)"/post", (req, res) => {
res.status(201).send({ message: "Resource created successfully" });

router.put("/put", (req, res) => {
res.status(201).send({ message: "Resource updated sucessfully" });

module.exports = router;

In the code block above, you imported limiter and signInLimiter. Then you applied signInLimiter as a flow limiter specific to the “/log in” itinerary.

Finally, by placing router.use(limiter) above the rest of the routes, you have applied the limiter as a rate limiter for the rest of the routes.

The importance of rate limiting

Rate limiting reduces the load on your web server by avoiding having to process too many requests at once. It reduces bot activity, protects you from denial of service (DoS) attacks and prevents brute force attacks.

Previous Opinion: Financial education in high school has little effect on retirement savings and long-term investing
Next Amid Labor Shortage, Gen Z Demands 'EWA' Wage