PHPackages zooxsmart/los-rate-limit - PHPackages - PHPackages [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register) 1. [Directory](/) 2. / 3. [API Development](/categories/api) 4. / 5. zooxsmart/los-rate-limit ActiveLibrary[API Development](/categories/api) zooxsmart/los-rate-limit ======================== Rate Limit Middleware for PHP 1.0.2(2y ago)04.9k↑28.6%BSD-3-ClausePHPPHP ^8.2 Since Nov 8Pushed 2y ago3 watchersCompare [ Source](https://github.com/zooxsmart/los-rate-limit)[ Packagist](https://packagist.org/packages/zooxsmart/los-rate-limit)[ Docs](https://github.com/LansoWeb/LosRateLimit)[ RSS](/packages/zooxsmart-los-rate-limit/feed)WikiDiscussions master Synced 1mo ago READMEChangelogDependencies (11)Versions (4)Used By (0) Rate Limit Middleware for PHP ============================= [](#rate-limit-middleware-for-php) [![Build Status](https://camo.githubusercontent.com/5f3fcb9035395b29756370feaf41714803b866d55e5bd6cb4356f0006fdb09a7/68747470733a2f2f7472617669732d63692e6f72672f4c616e736f7765622f4c6f73526174654c696d69742e7376673f6272616e63683d6d6173746572)](https://travis-ci.org/Lansoweb/LosRateLimit) [![Latest Stable Version](https://camo.githubusercontent.com/b4f9db7b1f814d265a9cb3f74826281970120dc4770760613fc591b10d955f14/68747470733a2f2f706f7365722e707567782e6f72672f6c6f732f6c6f732d726174652d6c696d69742f762f737461626c652e737667)](https://packagist.org/packages/los/los-rate-limit) [![Total Downloads](https://camo.githubusercontent.com/96a11dfc12bd4b520530884270a10be27c5d7488640e66cfcb4b514eaefb0c8b/68747470733a2f2f706f7365722e707567782e6f72672f6c6f732f6c6f732d726174652d6c696d69742f646f776e6c6f6164732e737667)](https://packagist.org/packages/los/los-rate-limit) LosRateLimit is a php middleware to implement a rate limit. First, the middleware will look for an X-Api-Key header to use as key. If not found, it will fall back to the remote IP. Each one has its own limits (see configuration below). Attention! This middleware does not validate the Api Key, you must add a middleware before this one to validate it. Requirements ------------ [](#requirements) - PHP >= 8.0 - Psr\\SimpleCache implementation Installation ------------ [](#installation) ``` composer require los/los-rate-limit ``` ### Configuration [](#configuration) ``` 'los' => [ 'rate-limit' => [ 'max_requests' => 100, 'reset_time' => 3600, 'ip_max_requests' => 100, 'ip_reset_time' => 3600, 'api_header' => 'X-Api-Key', 'trust_forwarded' => false, 'prefer_forwarded' => false, 'forwarded_headers_allowed' => [ 'Client-Ip', 'Forwarded', 'Forwarded-For', 'X-Cluster-Client-Ip', 'X-Forwarded', 'X-Forwarded-For', ], 'forwarded_ip_index' => null, 'headers' => [ 'limit' => 'X-RateLimit-Limit', 'remaining' => 'X-RateLimit-Remaining', 'reset' => 'X-RateLimit-Reset', ], 'keys' => [ 'b9155515728fa0f69d9770f7877cb50a' => [ 'max_requests' => 100, 'reset_time' => 3600, ], ], 'ips' => [ '127.0.0.1' => [ 'max_requests' => 100, 'reset_time' => 3600, ], ], 'hash_ips' => false, 'hash_salt' => 'Los%Rate', ], ], ``` - `max_requests` How many requests are allowed before the reset time (using API Key) - `reset_time` After how many seconds the counter will be reset (using API Key) - `ip_max_requests` How many requests are allowed before the reset time (using remote IP Key) - `ip_reset_time` After how many seconds the counter will be reset (using remote IP Key) - `api_header` Header name to get the api key from. - `trust_forwarded` If the X-Forwarded (and similar) headers and be trusted. If not, only $\_SERVER\['REMOTE\_ADDR'\] will be used. - `prefer_forwarded` Whether forwarded headers should be used in preference to the remote address, e.g. if all requests are forwarded through a routing component or reverse proxy which adds these headers predictably. This is a bad idea unless your app can **only** be reached this way. - `forwarded_headers_allowed` An array of strings which are headers you trust to contain source IP addresses. - `forwarded_ip_index` If null (default), the first plausible IP in an XFF header (reading left to right) is used. If numeric, only a specific index of IP is used. Use `-2` to get the penultimate IP from the list, which could make sense if the header always ends `..., `. Or use `0` to use only the first IP (stopping if it's not valid). Like `prefer_forwarded`, this only makes sense if your app's always reached through a predictable hop that controls the header - remember these are easily spoofed on the initial request. - `keys` Specify different max\_requests/reset\_time per api key - `ips` Specify different max\_requests/reset\_time per IP - `hash_ips` Enable the hashing of IP addresses before storing them. This is particularly useful when using a filesystem-based cache implementation and working with IPv6 addresses. A salted MD5-hash will be used if you set this to `true`. - `hash_salt' This setting allows you to optionally define a custom salt when using hashed IP addresses. Only effective when `hash\_ips`is`true`. The values above indicate that the user can trigger 100 requests per hour. If you want to disable ip access (e.g. allowing just access via X-Api-Key), just set ip\_max\_requests to 0 (zero). Usage ----- [](#usage) Just add the middleware as one of the first middlewares. The provided factory uses the container to get a \\Psr\\SimpleCache\\CacheInterface (PSR-16). Most implementations provide both PSR-6 and PSR-16, or at least a decorator. Recommended: [zend-cache](https://github.com/laminas/laminas-cache) or [symfony/cache](https://github.com/symfony/cache). ### Laminas / Mezzio [](#laminas--mezzio) If you are using [mezzio-skeleton](https://github.com/mezzio/mezzio-skeleton), you can copy `config/los-rate-limit.local.php.dist` to `config/autoload/los-rate-limit.local.php` and modify configuration as your needs. ### Health Score 31 — LowBetter than 68% of packages Maintenance20 Infrequent updates — may be unmaintained Popularity23 Limited adoption so far Community14 Small or concentrated contributor base Maturity57 Maturing project, gaining track record Bus Factor1 Top contributor holds 78.3% of commits — single point of failure How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window. **Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores. **Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement. **Maturity (30%)** — Project age, version count, PHP version support, and release stability. ### Release Activity Cadence Every ~17 days Total 3 Last Release 889d ago PHP version history (2 changes)1.0.0PHP ^8.1 1.0.2PHP ^8.2 ### Community Maintainers ![](https://www.gravatar.com/avatar/9155a672b863ca2243f6b3d69d61d55bf35ae8e421c1b4f1655293a34d0451ba?d=identicon)[talbuquerque](/maintainers/talbuquerque) --- Top Contributors [![Lansoweb](https://avatars.githubusercontent.com/u/2109813?v=4)](https://github.com/Lansoweb "Lansoweb (36 commits)")[![talbuquerque](https://avatars.githubusercontent.com/u/20418669?v=4)](https://github.com/talbuquerque "talbuquerque (3 commits)")[![AndreasMaros](https://avatars.githubusercontent.com/u/25008845?v=4)](https://github.com/AndreasMaros "AndreasMaros (2 commits)")[![NoelLH](https://avatars.githubusercontent.com/u/3274454?v=4)](https://github.com/NoelLH "NoelLH (2 commits)")[![samsonasik](https://avatars.githubusercontent.com/u/459648?v=4)](https://github.com/samsonasik "samsonasik (2 commits)")[![darkorsa](https://avatars.githubusercontent.com/u/13408084?v=4)](https://github.com/darkorsa "darkorsa (1 commits)") --- Tags middlewareapilimitRate ### Code Quality TestsPHPUnit Static AnalysisPHPStan Code StylePHP\_CodeSniffer Type Coverage Yes ### Embed Badge ![Health badge](/badges/zooxsmart-los-rate-limit/health.svg) ``` [![Health](https://phpackages.com/badges/zooxsmart-los-rate-limit/health.svg)](https://phpackages.com/packages/zooxsmart-los-rate-limit) ``` ### Alternatives [cakephp/cakephp The CakePHP framework 8.8k18.5M1.6k](/packages/cakephp-cakephp)[los/los-rate-limit Rate Limit Middleware for PHP 2737.9k1](/packages/los-los-rate-limit)[thecodingmachine/graphqlite Write your GraphQL queries in simple to write controllers (using webonyx/graphql-php). 5723.1M30](/packages/thecodingmachine-graphqlite)[algolia/algoliasearch-client-php API powering the features of Algolia. 69433.0M114](/packages/algolia-algoliasearch-client-php)[cakephp/authentication Authentication plugin for CakePHP 1153.6M67](/packages/cakephp-authentication)[wordpress/php-ai-client A provider agnostic PHP AI client SDK to communicate with any generative AI models of various capabilities using a uniform API. 26236.6k14](/packages/wordpress-php-ai-client) PHPackages © 2026 [Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)