Node.js – Protection from Brute Force and DDOS Attacks

If you are building a Node application with Express, or with another framework built on Express (e.g. feathers.js, Koa.js, Kraken, Sails, socket.io, or any of the frameworks listed at http://expressjs.com/en/resources/frameworks.html), you can use the express-rate-limit middleware to protect your solution from brute-force and DDoS attacks. This middleware prevents a website, a public REST API, or individual endpoints such as password reset from being bombarded by a large number of requests and subsequently crashing, by rate limiting all requests.

Install

$ npm install --save express-rate-limit

Usage

For an API-only server where the rate-limiter should be applied to all requests:

var express = require('express');
var RateLimit = require('express-rate-limit');

var app = express();

app.enable('trust proxy'); // only if you're behind a reverse proxy (Heroku, Bluemix, AWS if you use an ELB, custom Nginx setup, etc)

var limiter = new RateLimit({
  windowMs: 15*60*1000, // 15 minutes
  max: 100, // limit each IP to 100 requests per windowMs
  delayMs: 0 // disable delaying - full speed until the max limit is reached
});

// apply to all requests
app.use(limiter);

For a “regular” web server (e.g. anything that uses express.static()), where the rate-limiter should only apply to certain requests:

var express = require('express');
var RateLimit = require('express-rate-limit');

var app = express();

app.enable('trust proxy'); // only if you're behind a reverse proxy (Heroku, Bluemix, AWS if you use an ELB, custom Nginx setup, etc)

var apiLimiter = new RateLimit({
  windowMs: 15*60*1000, // 15 minutes
  max: 100,
  delayMs: 0 // disabled
});

// only apply to requests whose path begins with /api/
app.use('/api/', apiLimiter);

Create multiple instances to apply different rules to different routes:

var express = require('express');
var RateLimit = require('express-rate-limit');

var app = express();

app.enable('trust proxy'); // only if you're behind a reverse proxy (Heroku, Bluemix, AWS if you use an ELB, custom Nginx setup, etc)

var apiLimiter = new RateLimit({
  windowMs: 15*60*1000, // 15 minutes
  max: 100,
  delayMs: 0 // disabled
});
app.use('/api/', apiLimiter);

var createAccountLimiter = new RateLimit({
  windowMs: 60*60*1000, // 1 hour window
  delayAfter: 1, // begin slowing down responses after the first request
  delayMs: 3*1000, // slow down subsequent responses by 3 seconds per request
  max: 5, // start blocking after 5 requests
  message: "Too many accounts created from this IP, please try again after an hour"
});
// the stricter limiter is attached only to the account-creation route
app.post('/create-account', createAccountLimiter, function(req, res) {
  //...
});

More information is available at https://www.npmjs.com/package/express-rate-limit

October 3rd, 2017

  • After research a few of the weblog posts in your website now, and I truly like your method of blogging. I bookmarked it to my bookmark web site record and shall be checking again soon. Pls try my web site as well and let me know what you think.

  • Thanks a lot for providing individuals with an extremely marvellous opportunity to read in detail from this site. It can be very useful plus stuffed with a good time for me personally and my office fellow workers to visit your web site really 3 times in 7 days to study the new secrets you have got. Of course, I am also certainly astounded for the extraordinary pointers served by you. Certain 4 areas in this posting are definitely the most impressive we’ve had.

  • I’m impressed, I must say. Really not often do I encounter a weblog that’s both educative and entertaining, and let me inform you, you might have hit the nail on the head. Your concept is outstanding; the difficulty is something that not sufficient persons are speaking intelligently about. I’m very pleased that I stumbled across this in my search for something regarding this.

  • I as well as my buddies have already been looking through the excellent tactics on your site while quickly came up with an awful suspicion I never expressed respect to you for those strategies. These ladies had been as a result passionate to see them and have in effect in truth been taking pleasure in those things. Thanks for getting well accommodating and also for settling on this form of remarkable themes millions of individuals are really desirous to be informed on. My very own sincere regret for not expressing gratitude to you sooner.

  • A formidable share, I just given this onto a colleague who was doing just a little analysis on this. And he in reality purchased me breakfast as a result of I found it for him.. smile. So let me reword that: Thnx for the treat! But yeah Thnkx for spending the time to discuss this, I feel strongly about it and love studying extra on this topic. If possible, as you become experience, would you thoughts updating your blog with more particulars? It’s extremely useful for me. Large thumb up for this weblog put up!

  • I’m also commenting to let you know what a exceptional discovery my wife’s child experienced visiting your web site. She noticed lots of issues, not to mention what it’s like to have an awesome teaching mindset to make certain people smoothly grasp chosen problematic matters. You actually surpassed our own desires. Many thanks for coming up with these invaluable, dependable, informative not to mention unique tips on the topic to Mary.

  • Thanks so much for giving everyone a very special chance to read in detail from this site. It can be very useful and jam-packed with amusement for me personally and my office colleagues to search your website really 3 times per week to study the latest secrets you have got. And definitely, I’m so at all times astounded with your striking pointers you give. Selected 3 areas in this post are clearly the most suitable I’ve ever had.

  • I want to point out my affection for your generosity for folks that actually need help with this one question. Your real commitment to passing the message throughout appears to be really invaluable and has usually helped workers just like me to realize their pursuits. This useful publication denotes a whole lot to me and substantially more to my peers. Many thanks; from everyone of us.

  • Oh my goodness! an amazing article dude. Thanks Nevertheless I’m experiencing difficulty with ur rss. Don’t know why Unable to subscribe to it. Is there anybody getting similar rss drawback? Anybody who is aware of kindly respond. Thnkx.
