Skip to main content

FAQ

1. How do I apply rate limiting to specific routes?

You can apply the middleware to individual routes:

app.post(
"/auth/reset-password",
expressRateLimiter({
limitOptions: () => {
return { max: 2, window: 3600 };
},
})
);

2. Can I set different rate limits for different users?

Yes, you can use dynamic rate limits based on user roles or API keys.

app.post(
"/upload",
expressRateLimiter({
limitOptions: (req) => {
if (req.user.isPremium === true) return { max: 100, window: 3600 };
else return { max: 50, window: 3600 };
},
})
);

3. Does this library support distributed rate limiting?

Yes, when using Redis as the storage backend, rate limits are shared across multiple servers.

4. How can I allow certain IPs to bypass rate limits?

You can whitelist IPs:

app.use(expressRateLimiter({
key: (req) => req.ip as string,
skip: ["ip-1", "ip-2"],
limitOptions: () => {
return { max: 5, window: 10 };
}
}));

5. What happens when a request exceeds the limit?

The middleware returns a 429 Too Many Requests response.

6: Why does it not work with NestJS with Fastify?

Ensure that you have configured NestJS to use Fastify as the underlying HTTP Adapter and try again.