StackShield
Security Practices

What Is Rate Limiting?

A technique that controls the number of requests a client can make to a server within a specified time period. Rate limiting protects against brute-force attacks, denial of service, API abuse, and web scraping by rejecting requests that exceed the defined threshold.

In Laravel Applications

Laravel provides built-in rate limiting through the throttle middleware. Configure it in RouteServiceProvider or directly in routes: Route::middleware("throttle:60,1") for 60 requests per minute. For login endpoints, use stricter limits like throttle:5,1.

Example

Without rate limiting on /login, an attacker can attempt thousands of password combinations per minute. With throttle:5,1, they are limited to 5 attempts per minute, making brute-force impractical.

Related Terms

Brute-Force Attack

An attack method that tries every possible combination of credentials until the correct one is found. Brute-force attacks target login forms, API keys, encryption keys, and any authentication mechanism that does not limit the number of attempts.

DDoS (Distributed Denial of Service)

An attack that overwhelms a server or network with traffic from many sources simultaneously, making it unavailable to legitimate users. Unlike a simple DoS attack from one source, DDoS attacks use thousands of compromised devices (a botnet) to generate traffic that is difficult to filter.

Related Articles

The Complete Laravel Security Checklist for 2026

A comprehensive, 30-point security checklist covering every layer of your Laravel application. From .env protection and security headers to debug mode detection and DNS security.

What Is External Attack Surface Management (EASM)?

External Attack Surface Management continuously discovers and monitors your internet-facing assets for security risks. Learn how EASM differs from DAST, SAST, and pentesting, and why every team shipping web apps needs it.

How to Secure a Laravel Application: The Definitive Guide

A practical, code-heavy guide to securing Laravel applications. Covers configuration hardening, authentication, input validation, XSS and CSRF protection, API security, security headers, dependency management, and production deployment.

Related Fix Guides

High

How to Fix Missing Rate Limiting in Laravel

Your Laravel login and API endpoints have no rate limiting, enabling brute-force attacks and API abuse. Add throttling now.

Monitor Your Laravel Application's Security

StackShield continuously checks your Laravel application from the outside, catching security issues before attackers find them.

Start Free Trial