RateLimit using PHP and Redis cache
IP-Based rate limit
The rateLimit function establishes a connection with Redis using the Redis PHP extension.
-
The client's IP address is retrieved using
$_SERVER['REMOTE_ADDR']
. -
A unique key is generated based on the client's IP address to store the request count.
-
The current request count for the IP address is fetched using
$redis->get($key)
Endpoint-based rate limit
The endpointRateLimit function takes the maxRequests (maximum allowed requests within the timeWindow) and timeWindow (duration in seconds for rate limiting) as arguments.
-
We retrieve the endpoint or route path from the
$_SERVER['REQUEST_URI']
superglobal variable. -
We create a unique key for the endpoint using the $key variable.
-
We create a unique key for the endpoint using the $key variable.
-
We connect to Redis using the Redis class and the appropriate connection details.
-
If the request count doesn't exist or has expired, it is initialized to 1, stored in Redis using $redis->set(), and given an expiration time using $redis->expire().
-
If the request count exists, it is incremented using $redis->incr().
-
The code checks if the request count exceeds the maximum allowed requests. If so, it returns an error response (HTTP status code 429) and exits.
-
If the rate limit is not exceeded, the code proceeds with normal execution and returns an output
Remember to update the Redis server details ($redis->connect()) to match your Redis server configuration.
If you prefer to use Memcached instead of Redis, you can replace the Redis-related code with the appropriate Memcached functions. The overall logic will remain the same, but the method names and syntax will differ for Memcached usage.