Laravel 8 rate limiter not working for routes

Question

In the web.php routes, I have the following:

Route::middleware('throttle:3,1')->group(function () {
    Route::get('/about', function () {
        return "About Info";
    });
});

The Laravel Framework is 8.19.0.

Ideally, when someone hits the page more than 3 times in 1 minute, laravel should give 429 Too Many Attempts Response. But it does not. I am not getting the 429 response after 3 times.

How to fix this?

Thanks

Answer 1

Since Laravel 8 you can configure rate limits in the method configureRateLimiting() of the App\Providers\RouteServiceProvider .

For example:

protected function configureRateLimiting()
{
    RateLimiter::for('api', function (Request $request) {
        return Limit::perMinute(60)->by(optional($request->user())->id ?: $request->ip());
    });
}

Should you have updated from Laravel 7 do not forget to add the call to the method in the boot() method of the RouteServiceProvider . Otherwise the limits will not be applied.

public function boot()
{
    $this->configureRateLimiting();

    parent::boot();
}

See also documentation: https://laravel.com/docs/8.x/routing#rate-limiting and Laracasts video: https://laracasts.com/series/whats-new-in-laravel-8/episodes/9

Answer 2

go to the .env file and check your cache driver if CACHE_DRIVER=none , set a cache driver.
Laravel support Supported: "apc", "array", "database", "file", "memcached", "redis", "dynamodb"

Answer 3

I have got the issue. In the config/cache.php, the default was set to "null". I changed to "database". Now, this is working fine.

Answer 4

in laravel 8 i had implemented this in this way, its easy to use:

in RouteServiceProvider.php just add:

use Illuminate\Http\Response;
use Illuminate\Support\Facades\RateLimiter;


    protected function configureRateLimiting()
    {
        RateLimiter::for('login', function (Request $request) {
            $key = 'login.' . $request->input('username') . '.' . $request->ip();
            $max = 5;  //attempts
            $decay = 120; // 120 seconds/2 minute for suspending 

            if (RateLimiter::tooManyAttempts($key, $max)) {
                return response()->json(['message' => __("messages.login.throttle.suspension")], Response::HTTP_UNPROCESSABLE_ENTITY);
            } else {
                RateLimiter::hit($key, $decay);
            }

        });
    }

Answer 5

The problem occurs because the provider files that do not correspond to the current version of Laravel were replaced, the solution is to compress the entire project folder if it is being uploaded to the server and if the problem is on the local computer, restore the project with a new installation

Answer 6

Approach 1

app/Http/Providers/RouteServiceProvider.php

The default configureRateLimiting() method is already there.

Approach 2

routes/api.php

Route::post('/send-otp', 'UtilityController@sendOtp')->middleware(['throttle:5,1']);