rate_limits

Rate Limits allows you to create configurations to limit access in a given window. It is currently built on top of core's flood service to provide protection against DoS attacks. By limiting the rate that a particular user or a particular IP can access your Drupal site you can prevent these types of attacks.

Usage

In order to configure the rate limits you will need to tag the routes where you want them to apply. You can use the Tagged Routes module to manually tag routes, or you can tag them programmatically in the route configuration like this:

rate_limits.first_test_route1:
  path: '/rate-limits/test1'
  defaults:
    _controller: '\Drupal\rate_limits_test\RateLimitsTestController::handle'
    _title: 'Gen 204'
  no_cache: TRUE
  options:
    tags: ['first_tag', 'second_tag']

Once your routes are tagged you can create a Rate Limit configuration with tags in it. You can create a rate limit by going to /admin/structure/rate_limit_config. When a tagged route is accessed the rate limit configuration that matches those tags is in effect. After the rate limit is exceeded your request will return with a 429 error.