CD
Cloudflare Developers8mo ago
fisher

Cloudflare Rate Limiting not being in Effect

Hey there, I'm trying to get rate limiting working on my hono app, but nothing seems to be working?? I've configured it correctly and even put down temporary crazy limits and it doesn't seem to rate limit my functions from being called. (Yes, I know it doesn't stop someone from sending 20 requests or whatever but my functions are still being called 20 times, even after checking for the rate limits) jsonc config: 
"unsafe": {
        "bindings": [
            {
                "name": "RATE_LIMITER",
                "type": "ratelimit",
                "namespace_id": "1001",
                "simple": {
                    "limit": 1,
                    "period": 60
                }
            }
        ]
    }
"unsafe": {
        "bindings": [
            {
                "name": "RATE_LIMITER",
                "type": "ratelimit",
                "namespace_id": "1001",
                "simple": {
                    "limit": 1,
                    "period": 60
                }
            }
        ]
    }
relevant sample code: 
type AppType = {
    Variables: {
        rateLimit: boolean;
    };
    Bindings: {
        WEBHOOK_ID: string;
        WEBHOOK_TOKEN: string;
        RATE_LIMITER: RateLimit;
    };
};

const app = new Hono<AppType>().use(
    cloudflareRateLimiter<AppType>({
        rateLimitBinding: (c) => c.env.RATE_LIMITER,
        keyGenerator: (c) => "sameKeyEveryTime"
    }),
);

app.post("/tba", async (c) => {
  return c.text("not rate limited", 200);
});
type AppType = {
    Variables: {
        rateLimit: boolean;
    };
    Bindings: {
        WEBHOOK_ID: string;
        WEBHOOK_TOKEN: string;
        RATE_LIMITER: RateLimit;
    };
};

const app = new Hono<AppType>().use(
    cloudflareRateLimiter<AppType>({
        rateLimitBinding: (c) => c.env.RATE_LIMITER,
        keyGenerator: (c) => "sameKeyEveryTime"
    }),
);

app.post("/tba", async (c) => {
  return c.text("not rate limited", 200);
});
3 Replies
fisher
fisherOP8mo ago
even when doing this: it log's out true (true as in not rate limited): 
const { success } = await c.env.RATE_LIMITER.limit({ key: "test " });
    console.log(`not RL: ${success}`);
const { success } = await c.env.RATE_LIMITER.limit({ key: "test " });
    console.log(`not RL: ${success}`);
flashblaze
flashblaze8mo ago
This is my code and is working for me 
  cloudflareRateLimiter<Env>({
    rateLimitBinding: (c) => c.env.MY_RATE_LIMITER,
    keyGenerator: (c) => {
      try {
        const cookieData = JSON.parse(getCookie(c, getCookieName(c.env.ENVIRONMENT)) ?? '{}');
        return cookieData.userId ?? c.req.header('CF-Connecting-IP') ?? '';
      } catch (_err) {
        deleteCookie(c, getCookieName(c.env.ENVIRONMENT), getCookieOptions(c.env.ENVIRONMENT));
        return c.json({ message: 'Unauthorized' }, 401);
      }
    },
      handler: (c) => {
        deleteCookie(c, getCookieName(c.env.ENVIRONMENT), getCookieOptions(c.env.ENVIRONMENT));
        return c.json(
          {
            message: 'Rate limit exceeded',
          },
          429
        );
      },
  })
  cloudflareRateLimiter<Env>({
    rateLimitBinding: (c) => c.env.MY_RATE_LIMITER,
    keyGenerator: (c) => {
      try {
        const cookieData = JSON.parse(getCookie(c, getCookieName(c.env.ENVIRONMENT)) ?? '{}');
        return cookieData.userId ?? c.req.header('CF-Connecting-IP') ?? '';
      } catch (_err) {
        deleteCookie(c, getCookieName(c.env.ENVIRONMENT), getCookieOptions(c.env.ENVIRONMENT));
        return c.json({ message: 'Unauthorized' }, 401);
      }
    },
      handler: (c) => {
        deleteCookie(c, getCookieName(c.env.ENVIRONMENT), getCookieOptions(c.env.ENVIRONMENT));
        return c.json(
          {
            message: 'Rate limit exceeded',
          },
          429
        );
      },
  })
Can you share a minimal example?
noop
noop4mo ago
Did you ever get this working @fisher ? I'm hitting the same issue. I've used https://github.com/rhinobase/hono-rate-limiter/tree/main/packages/cloudflare and also just using the binding directly.
GitHub
hono-rate-limiter/packages/cloudflare at main · rhinobase/hono-rat...
Rate Limit middleware for Hono Server. Contribute to rhinobase/hono-rate-limiter development by creating an account on GitHub.

Did you find this page helpful?