Laravel 5.4 - Override API 'throttle:60,1'

Asked 26/5, 2017 at 12:57 Answered 1/9, 2021 at 18:54

I'm writing a lot of API to get and store data.
I like the default throttle option:

protected $middlewareGroups = [
    'api' => [
        'throttle:60,1',
        'bindings',
    ],
];

to limit the request to 60 per minute; but for some route (es: POST), I'd like to increase this value.

I tried to set 'throttle:500,1' on route Middleware like below:

Route::group(function () {
        Route::get('semaphore/1',        ['uses' => 'App\Api\V1\DBs\SemaphoreController@index']);
        Route::post('semaphore/1',       ['uses' => 'App\Api\V1\DBs\SemaphoreController@store',        'middleware' => 'WriteToDatabaseMiddleware', 'throttle:500,1']);
});

but it does not work.

Any idea?

Thank you.

UPDATE:
I noticed that the 'throttle:500,1' used in the api.php route will be set AFTER the default 'throttle:60,1' specified into Kernel.php file; then, It doesn't work.

Logging the process execution, the first call is:

Illuminate\Routing\Middleware\ThrottleRequests -> handle

from Kernel.php has maxAttempts=60.

Then, the second call is:

Illuminate\Routing\Middleware\ThrottleRequests -> handle

from api.php has maxAttempts=500.

In others words, the throttle:500,1 in the api.php file do not override the throttle:60,1 in the Kernel.php file.

Greatuncle answered 26/5, 2017 at 12:57 Comment(0)

Current answer

According to this GitHub issue, the throttle middleware should not be used "twice" (like you want to do that). There are only two ways how to deal with your current problem "correctly":

Write an own throttling middleware

Define the throttle middleware separately for each route (group)

Old answer

You set the middleware key wrong! When declaring multiple middleware to use, create a new array for them

['middleware' => ['WriteToDatabaseMiddleware','throttle:500,1']]

EDIT: Because of the middleware order, you should set your kernel throttle to the highest value you want to use, and all other routes that should have a lower throttle value to the corresponding ones.

Rania answered 26/5, 2017 at 19:22 Comment(8)

You are welcome @Greatuncle It'd be great if you'd accept the answer because it solved your problem :) – Rania 27/5, 2017 at 7:56

I test on my code but It doesn't work; I've update my Question with the investigation. – Greatuncle 31/5, 2017 at 12:40

@Greatuncle Well, then you should change your Kernel values to throttle:500,1 (to the higher one), and all other routes that should have throttle to throttle:60,1. This should work with the request order. – Rania 31/5, 2017 at 12:49

yes, your solution is my idea... the problem is that with this approach all route will be set to 500; the I've to remember to set to 60 every new route. I prefer to have a standard value (ex: 60) and override to 500 only specific route. – Greatuncle 31/5, 2017 at 12:54

@Greatuncle I see your point. Anyway, because it looks like the problem is on the Laravel site, better create an issue on their GitHub repo. I can't do more here :| – Rania 31/5, 2017 at 13:30

@Greatuncle Update – Rania 2/6, 2017 at 7:44

Thank you @manniL, I read you "Current answer" now. Ok, It clarifies the operation; I think the solution is to create my own throttling middleware. Thank you again. – Greatuncle 2/6, 2017 at 17:26

You cannot use independent throttles on different groups in Laravel 5.x: github.com/laravel/framework/pull/28856 – Merrillmerrily 1/9, 2021 at 18:44

In laravel 6 you can use prefix for prevent with global throttle. use 'throttle:5,1,prefix'

Route::group(['prefix' => 'contact-us', 'middleware' => 'throttle:5,1,contact-form',], function () {
    Route::post('/', 'ContactUsController@store');
});

Allow multiple throttles by naming

Lactary answered 1/12, 2019 at 12:52 Comment(2)

Laravel 5.9? Do you mean Laravel 6. After 5.8 Laravel went to semantic versioning starting at version 6.0.0. – Tractarianism 5/2, 2020 at 11:2

Hi Andrew, version 5.9 is wrong and fix my answer. if you want use prefix in throttle middleware, this pull request may help you Allow multiple throttles by naming. – Lactary 7/2, 2020 at 14:51

None of the current answers explain Laravel 5.x behaviour. In that version every instance of "throttle" uses the same bucket. So if you place a throttle command in two separate locations it affects every instance.

Consider:

// User can email 5 times an hour
Route::post('/email', 'Ctrl@email')->middleware('throttle:5,60');
// User can search 100 times an hour
Route::get('/search', 'Ctrl@search')->middleware('throttle:100,60);

If a user searches 5 times in a 5 minute period, they will not able to email in the next hour.

In Laravel 5.x there is no way around this. In Laravel 6 onwards they added the ability to name throttles, giving them separate buckets.

Merrillmerrily answered 1/9, 2021 at 18:54 Comment(0)

Current answer

Old answer

Recommended topics

Hot tags