Limit not working? Rate Limit not honored as the Request Volumes Increase
I set the rate limit at 3 TPS. When I send 4 TPS, it works and I see the 3 TPS rate honored. However, when I put this into production, as the volumes go up, 3 TPS begins to break. At 10 TPS input, I see ~4 TPS getting through the rate limiter. At 40 TPS input, I see ~6 TPS getting through the rate limiter.
Any help is appreciated.
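```js
// `router` is an Express router and `client` is a Redis client, both created elsewhere.
var limiter = require('express-limiter')(router, client);

limiter({
  path: '/',
  method: 'post',
  // Called when the caller has exceeded the limit.
  onRateLimited: function (req, res, next) {
    next({ message: 'Rate limit exceeded', status: 429 });
  },
  // Key the limit on the "id" request header.
  lookup: function (req, res, opts, next) {
    opts.lookup = 'headers.id';
    opts.total = 3; // 3 requests per expire window
    return next();
  },
  expire: 1000 // window length in ms (1 second)
});
```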
This package uses a Get/Set approach, which is vulnerable under high traffic. A similar vulnerability was found in the express-brute package.
The rate-limiter-flexible package implements atomic increments.
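
The get/set race named in the answer above, as an added example that is not code from express-limiter, express-brute or rate-limiter-flexible. `Store`, `getSetLimiter`, `atomicLimiter` and `simulate` are hypothetical names; an in-memory map stands in for Redis, each `yield` marks a network round trip, and a single rate-limit window is modelled.

```javascript
// In-memory stand-in for Redis (assumption: no expiry, one window only).
class Store {
  constructor() { this.data = new Map(); }
  get(key) { return this.data.get(key) || 0; }
  set(key, value) { this.data.set(key, value); }
  // Atomic increment, analogous to a single Redis INCR command.
  incr(key) { const v = this.get(key) + 1; this.data.set(key, v); return v; }
}

// Read-modify-write limiter: GET, decide, then SET (two round trips).
function* getSetLimiter(store, key, limit) {
  const count = store.get(key);  // round trip 1: read the counter
  yield;                         // other in-flight requests run here
  if (count >= limit) return false;
  store.set(key, count + 1);     // round trip 2: write back a stale value + 1
  return true;
}

// Atomic limiter: one increment, decision made on the value it returns.
function* atomicLimiter(store, key, limit) {
  const count = store.incr(key);
  yield;                         // round trip completes
  return count <= limit;
}

// Send totalRequests for one key, `concurrency` in flight at a time,
// and return how many the limiter let through.
function simulate(limiterFn, totalRequests, concurrency, limit) {
  const store = new Store();
  let allowed = 0;
  for (let start = 0; start < totalRequests; start += concurrency) {
    const n = Math.min(concurrency, totalRequests - start);
    let pending = Array.from({ length: n }, () => limiterFn(store, 'id-1', limit));
    // Round-robin: advance every in-flight request by one step per pass.
    while (pending.length) {
      const next = [];
      for (const req of pending) {
        const step = req.next();
        if (!step.done) next.push(req);
        else if (step.value) allowed++;
      }
      pending = next;
    }
  }
  return allowed;
}

console.log('get/set, sequential :', simulate(getSetLimiter, 4, 1, 3));
console.log('get/set, 10 in flight:', simulate(getSetLimiter, 40, 10, 3));
console.log('atomic,  10 in flight:', simulate(atomicLimiter, 40, 10, 3));
```

In this model the get/set limiter admits up to limit × concurrency requests per window, because every request that read the counter before any write sees the same stale value; the atomic limiter admits exactly the limit.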