PHPackages                             ez-php/rate-limiter - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Framework](/categories/framework)
4. /
5. ez-php/rate-limiter

ActiveLibrary[Framework](/categories/framework)

ez-php/rate-limiter
===================

Rate limiter module for the ez-php framework — array, Redis, and cache-backed drivers with ThrottleMiddleware

1.11.1(1mo ago)0313↓90%1MITPHPPHP ^8.5CI passing

Since Mar 18Pushed 1mo agoCompare

[ Source](https://github.com/ez-php/rate-limiter)[ Packagist](https://packagist.org/packages/ez-php/rate-limiter)[ Docs](https://github.com/ez-php/rate-limiter)[ RSS](/packages/ez-php-rate-limiter/feed)WikiDiscussions main Synced 3w ago

READMEChangelogDependencies (20)Versions (37)Used By (1)

ez-php/rate-limiter
===================

[](#ez-phprate-limiter)

Request throttling for ez-php applications — three backends, a unified interface, and a plug-in `ThrottleMiddleware`.

---

Installation
------------

[](#installation)

```
composer require ez-php/rate-limiter
```

---

Drivers
-------

[](#drivers)

DriverPersistenceExternal requirementConcurrency-safe`ArrayDriver`In-process (lost on restart)None**No** — single-process/test use only`RedisDriver`Redis`ext-redis`Yes — atomic `INCR``CacheDriver`Delegates to `ez-php/cache`Any configured cache driverDriver-dependent> **Warning:** `ArrayDriver` uses a plain PHP array without atomic operations. Concurrent requests (e.g. PHP-FPM workers) can race and both be allowed through simultaneously. Use `RedisDriver` or `CacheDriver` in production.

---

Basic usage
-----------

[](#basic-usage)

```
use EzPhp\RateLimiter\ArrayDriver;

$limiter = new ArrayDriver();

if (!$limiter->attempt('login:' . $ip, maxAttempts: 5, decaySeconds: 60)) {
    // Too many attempts — respond with 429
}

$limiter->remainingAttempts('login:' . $ip, 5); // how many hits are still allowed
$limiter->resetAttempts('login:' . $ip);        // clear the counter (e.g. on success)
```

---

ThrottleMiddleware
------------------

[](#throttlemiddleware)

Plug into the framework middleware pipeline for per-IP global or per-route throttling:

```
// Global — in AppServiceProvider::boot()
$app->middleware(new ThrottleMiddleware($limiter, maxAttempts: 60, decaySeconds: 60));

// Per-route
$router->get('/login', [LoginController::class, 'store'])
    ->middleware(new ThrottleMiddleware($limiter, maxAttempts: 5, decaySeconds: 60));
```

The middleware:

- Resolves the client IP from `X-Forwarded-For` (first value) or falls back to `REMOTE_ADDR`.
- Returns **HTTP 429** with body `Too Many Requests` when the limit is exceeded.
- Adds `X-RateLimit-Limit` and `X-RateLimit-Remaining` headers on every passing response.

---

Service provider
----------------

[](#service-provider)

Register `RateLimiterServiceProvider` in `provider/modules.php`:

```
\EzPhp\RateLimiter\RateLimiterServiceProvider::class,
```

Create `config/rate_limiter.php`:

```