Strapi ratelimit only half

System Information
  • Strapi Version:
  • Operating System:
  • Database:
  • Node Version:
  • NPM Version:
  • Yarn Version:

I’ve set a custom ratelimit for this contacts endpoint, but it seems like I’m only getting half the limit.

If I change the limit to 20, then the request gets blocked after 10 posts. What might’ve caused this issue?


some additional references:

I have no idea. Is it possible that the plugin::users-permissions.rateLimit middleware is applied to your route as well and they stack up?

That’ll be weird, I didn’t even include plugin::users-permissions.rateLimit middleware in my config/middleware.ts file. or is it automatic set? I don’t remember being rate limited before I set my own rate limit :thinking:

Probably not then. No idea. The rateLimit middleware uses koa2-ratelimit under the hood, maybe there’s a problem there.

interesting enough, by using plugin::users-permissions.rateLimit alone gives the correct number of requests: blocked after 5 req.

I figured it out, the wording in the doc is misleading: if you are writing middleware for an endpoint only, do not register that middleware inside config/middleware.ts, doing so will cause the middleware to be called multiple times in a single request.

Don’t listen to the last line here if you are creating route-only middleware.

Indeed, that sentence is misleading. Glad you’ve figured it out.