php - Laravel Rate Limiter dont work on production (Digitalocean)
I have a problem, in my Laravel application I use Rate Limiter, which normally works on localhost it throws error 429 normally, but after uploading to digitalocean it doesn't work as if it doesn't exist at all and I can spam requets endlessly.
Do you know what to do ? Thanks
Otherwise I am using nginx and CACHE_DRIVER=memcached on hosting and on localhost apache and CACHE_DRIVER=file.
php -v 7.4
Laravel -v 7.30
I hope I'm not missing anything here.
web.php
Route::middleware('throttle:1,5')->group(function () {
Route::post('/', 'LandingPageController@store')->name('index.store')->middleware(ProtectAgainstSpam::class);
});
I also used my own middleware (config in RouteServiceProdiver.php), which again works on localhost but not on hosting
Route::middleware('throttle:test')->group(function () {
Route::post('/', 'LandingPageController@store')->name('index.store')->middleware(ProtectAgainstSpam::class);
});
Middleware (config in RouteServiceProdiver.php)
protected function configureRateLimiter()
{
RateLimiter::for('test', function (Request $request){
return Limit::perMinute(1);
});
}
Answer
Solution:
Rate limiter use RateLimiter.php class that use cache. Probably permissions issue deny hits writing on remote host.
Search this code in Illuminate\Cache\RateLimiter:
public function hit($key, $decaySeconds = 60)
{
$key = $this->cleanRateLimiterKey($key);
$this->cache->add(
$key.':timer', $this->availableAt($decaySeconds), $decaySeconds
);
$added = $this->cache->add($key, 0, $decaySeconds);
$hits = (int) $this->cache->increment($key);
// log $hits here
Log::info('Throttling hits: '.$hits);
if (! $added && $hits == 1) {
$this->cache->put($key, 1, $decaySeconds);
}
return $hits;
}
- Add temporarly something like this:
Log::info('Throttling hits: '.$hits);
under $hits variable definition
in remote
.envset temporarly APP_DEBUG totrueupload on remote host
spamming it endlessly :)
check laravel.log
In this manner you can analyze if the issue is cache writing.
Source