if ($this->isAttack()) {
    return (new Responder())->respond($this->getResponseConfig(), $this->record, $this->maxRequestCount, $this->maxSeconds);
}
Hello,
The firewall does not provide/override some headers that Laravel provides.
Firewall 429 headers:
Those are set by the Laravel ThrottleRequests middleware, but are not overridden by the firewall when under attack.
Laravel throttling 429 headers when the limit is reached on the ThrottleRequests middleware:
I've overridden Responder::respond to add those headers:
Expected feature
When under attack, and on a 429 response, override Retry-After and X-RateLimit-* headers according to maxRequestCount and maxSeconds.
And optionally, when under attack or not, be able to lower X-RateLimit-Remaining if the Laravel throttle remaining requests is actually higher than the firewall remaining requests. I'm not sure if it's easily doable though; I'm not sure if calling RateLimiter::remaining is an option inside AttackBlocker.
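An added example (not part of the original issue and not the firewall package's code) of how the requested headers could be derived from maxRequestCount and maxSeconds, including lowering X-RateLimit-Remaining to the smaller of the two counters. The function name, the `$attempts` and `$windowStart` inputs and the sample values are assumptions; the header names are the ones Laravel's ThrottleRequests middleware sends.

```php
<?php
// Added example with hypothetical names; only the header names come from Laravel.

/**
 * Build rate-limit headers for a firewall response.
 *
 * @param int      $maxRequestCount  firewall limit per window
 * @param int      $maxSeconds       firewall window length in seconds
 * @param int      $attempts         requests counted in the current window (assumed to be available)
 * @param int      $windowStart      unix time of the first counted request (assumed to be available)
 * @param int|null $laravelRemaining Laravel's own remaining count, if it can be read
 * @param int|null $now              current unix time, injectable for testing
 */
function firewallRateLimitHeaders(
    int $maxRequestCount,
    int $maxSeconds,
    int $attempts,
    int $windowStart,
    ?int $laravelRemaining = null,
    ?int $now = null
): array {
    $now = $now ?? time();

    // Firewall view of the window; never report a negative remainder.
    $remaining = max(0, $maxRequestCount - $attempts);

    // Report the stricter of the two counters so clients are not told
    // they have more requests left than the firewall will accept.
    if ($laravelRemaining !== null) {
        $remaining = min($remaining, max(0, $laravelRemaining));
    }

    $headers = [
        'X-RateLimit-Limit'     => $maxRequestCount,
        'X-RateLimit-Remaining' => $remaining,
    ];

    // Only a blocked (429) response carries Retry-After and X-RateLimit-Reset.
    if ($attempts >= $maxRequestCount) {
        $retryAfter = max(1, ($windowStart + $maxSeconds) - $now);
        $headers['Retry-After']       = $retryAfter;        // seconds to wait
        $headers['X-RateLimit-Reset'] = $now + $retryAfter; // unix timestamp
    }

    return $headers;
}

// Constructed sample: 5 requests per 60 s, limit hit 20 s into the window.
print_r(firewallRateLimitHeaders(5, 60, 5, 1700000000, 12, 1700000020));
```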