What Is Rate Limiting?
A technique that controls the number of requests a client can make to a server within a specified time period. Rate limiting protects against brute-force attacks, denial of service, API abuse, and web scraping by rejecting requests that exceed the defined threshold.
In Laravel Applications
Laravel provides built-in rate limiting through the throttle middleware. Configure it in RouteServiceProvider or directly in routes. The two parameters are the maximum number of requests and the window in minutes, so Route::middleware("throttle:60,1") allows 60 requests per minute. For login endpoints, use stricter limits like throttle:5,1.
Example
Without rate limiting on /login, an attacker can attempt thousands of password combinations per minute. With throttle:5,1, they are limited to 5 attempts per minute, making brute-force impractical.
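The limits described above, written out as an added example (not code from the original page). LoginController, ApiController, the /api/items path, the "email" field name and the 20-per-minute IP ceiling are assumptions; RateLimiter::for requires Laravel 8 or later.

```php
<?php
// routes/web.php: added example. Controller names, the /api/items path and
// the "email" field name are assumptions, not taken from the page.

use App\Http\Controllers\ApiController;
use App\Http\Controllers\LoginController;
use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\Facades\Route;
use Illuminate\Support\Str;

// General endpoints: at most 60 requests per 1 minute per client.
Route::middleware('throttle:60,1')->group(function () {
    Route::get('/api/items', [ApiController::class, 'index']);
});

// Before: no limit, so password guesses are bounded only by server speed.
// Route::post('/login', [LoginController::class, 'store']);

// After (simple form): 5 attempts per minute. The 6th request inside the
// window is rejected with HTTP 429 and a Retry-After header. For guests the
// counter is keyed by IP address.
// Route::post('/login', [LoginController::class, 'store'])
//     ->middleware('throttle:5,1');

// After (named limiter): count per account and per source address, so
// guesses against one account and guesses sprayed across many accounts from
// one address are both capped. This definition conventionally lives in a
// service provider's boot() method; it is placed here to keep one file.
RateLimiter::for('login', function (Request $request) {
    $email = Str::lower((string) $request->input('email'));

    return [
        // 5 attempts per minute for this account from this address.
        Limit::perMinute(5)->by($email.'|'.$request->ip()),
        // Assumed ceiling of 20 login attempts per minute per address.
        Limit::perMinute(20)->by($request->ip()),
    ];
});

Route::post('/login', [LoginController::class, 'store'])
    ->middleware('throttle:login');
```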
Related Terms
Brute-Force Attack
An attack method that tries every possible combination of credentials until the correct one is found. Brute-force attacks target login forms, API keys, encryption keys, and any authentication mechanism that does not limit the number of attempts.
DDoS (Distributed Denial of Service)
An attack that overwhelms a server or network with traffic from many sources simultaneously, making it unavailable to legitimate users. Unlike a simple DoS attack from one source, DDoS attacks use thousands of compromised devices (a botnet) to generate traffic that is difficult to filter.