Powerful Rate Limiting is now available on the Nhost Platform

28 August 2024

We're excited to introduce rate limiting to the Nhost platform. This new feature is designed to protect your services against abuse and ensure optimal performance for all your users.

What is Rate Limiting?

Rate limiting is a crucial security measure that restricts the number of requests a client can make to your APIs within a specified time period. This helps in:

  • Mitigating the risk of unauthorized access
  • Preventing denial of service attacks
  • Managing resource consumption effectively

How it works

Our rate limiting operates on a simple principle:

  • Each service has a maximum number of requests (burst amount) allowed within a specific time frame (recovery time).
  • For example, with a limit of 30 requests and a recovery time of 5 minutes, you can make up to 30 requests before hitting the limit.
  • The system then allows an additional request every 10 seconds until you reach the limit again.

Custom limits for different services

We've implemented rate limits across the Nhost Stack, with customized rules for different services:

  1. GraphQL, Storage, and Functions
     • These services have independent rate limits based on the client IP.
     • Requests to one service don't affect the limits of another.
  2. Auth
     • Features more complex rate-limiting rules due to the varying sensitivity of different endpoints.
     • Special limits are in place for email-sending, SMS-sending, and brute-force-sensitive endpoints.
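
The burst-and-recovery behaviour from "How it works" and the per-service, per-client-IP separation described above can be modelled as a token bucket; the sketch below is an added example, not Nhost's implementation. The class and function names, the sample IP addresses, and the reading of an interval string such as '5m' as the recovery time are assumptions made for illustration.

```python
import re

UNITS = {"s": 1, "m": 60, "h": 3600}


def parse_interval(text):
    """Convert an interval such as '5m' or '1h' to seconds."""
    m = re.fullmatch(r"(\d+)([smh])", text)
    if not m:
        raise ValueError(f"unsupported interval: {text!r}")
    return int(m.group(1)) * UNITS[m.group(2)]


class BurstLimiter:
    """Token bucket: `limit` requests of burst, fully recovered after `interval`."""

    def __init__(self, limit, interval):
        self.limit = limit
        self.refill_every = parse_interval(interval) / limit  # seconds per request
        self.buckets = {}  # (service, client_ip) -> (tokens, last_seen)

    def allow(self, service, client_ip, now):
        key = (service, client_ip)  # hypothetical key: one bucket per service and IP
        tokens, last = self.buckets.get(key, (self.limit, now))
        # Credit the requests recovered since the last call, capped at the burst.
        tokens = min(self.limit, tokens + (now - last) / self.refill_every)
        allowed = tokens >= 1
        if allowed:
            tokens -= 1
        self.buckets[key] = (tokens, now)
        return allowed


def simulate():
    """Constructed scenario: limit 30, recovery time 5 minutes, fixed timestamps."""
    rl = BurstLimiter(limit=30, interval="5m")
    ip = "203.0.113.7"  # constructed address from a documentation range
    burst = [rl.allow("graphql", ip, now=0.0) for _ in range(31)]
    return {
        "burst_allowed": sum(burst),                       # 30, the 31st is rejected
        "retry_after_5s": rl.allow("graphql", ip, 5.0),    # False, nothing recovered
        "retry_after_10s": rl.allow("graphql", ip, 10.0),  # True, one request back
        "other_service": rl.allow("storage", ip, 10.0),    # True, separate bucket
        "other_client": rl.allow("graphql", "198.51.100.9", 10.0),  # True
    }


if __name__ == "__main__":
    print(simulate())
```

Timestamps are passed in explicitly so the scenario is deterministic; a real limiter would read a monotonic clock and evict idle buckets.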

You can configure rate limiting for your services either on the Nhost Dashboard or by using the configuration file:


```toml
# Example for Auth

[auth.rateLimit]
[auth.rateLimit.emails]
limit = 10
interval = '1h'

[auth.rateLimit.sms]
limit = 10
interval = '1h'

[auth.rateLimit.bruteForce]
limit = 10
interval = '5m'

[auth.rateLimit.signups]
limit = 10
interval = '5m'

[auth.rateLimit.global]
limit = 100
interval = '1m'
```

Very neat, if you ask me. For a full list of configurations available to all services, please check out the documentation page.

What this means for you and your users

With rate limiting in place, you can expect:

  • More robust protection against potential security threats
  • Improved overall performance of your projects
  • A more stable and reliable service for all your projects

We're constantly working to improve our platform, and rate limiting is just another example. As always, we're here to support you. If you have any questions or need assistance, please don't hesitate to reach out to our support team.
