search

NebulaServices / Nebula

a stunning and sleek web proxy with support for hundreds of popular sites.
https://docs.nebulaproxy.io/
279 stars 3.75k forks source link

[Feature] Built in rate limiting #114

Closed Baggette closed 1 year ago

Baggette commented 1 year ago

It would be very nice if it had built in rate limiting as when I host it I get ddosed more specifically post request spam to /api/bare/v2, I was wondering if a feature could be implemented serverside to enable/disable a rate limit and maybe have something like how strict the rate limit is. (Yes I use cloudlfare, its not helping much the only thing that helped was removing my proxy's subdomain)

edit: spelling

cohenerickson commented 1 year ago

Any rate limiting you need should be configured through your nginx or other reverse proxy config.

GreenyDEV commented 1 year ago

Since we use express, you can use Express-rate-limit as an app. 

import rateLimit from 'express-rate-limit'

// ...

const limiter = rateLimit({
    windowMs: 15 * 60 * 1000, // 15 minutes
    max: 100, // Limit each IP to 100 requests per `window` (here, per 15 minutes)
    standardHeaders: true, // Return rate limit info in the `RateLimit-*` headers
    legacyHeaders: false, // Disable the `X-RateLimit-*` headers
})

// Apply the rate limiting middleware to all requests
app.use(limiter)
Baggette commented 1 year ago

hmmmm thanks for the responses, I didn't realize that apache supported rate limiting. Ill probably figure something out. Thanks