CD
Cloudflare Developers2w ago
fisher

Cloudflare Rate Limiting not being in Effect

Hey there, I'm trying to get rate limiting working on my hono app, but nothing seems to be working?? I've configured it correctly and even put down temporary crazy limits and it doesn't seem to rate limit my functions from being called. (Yes, I know it doesn't stop someone from sending 20 requests or whatever but my functions are still being called 20 times, even after checking for the rate limits) jsonc config: 
"unsafe": {
        "bindings": [
            {
                "name": "RATE_LIMITER",
                "type": "ratelimit",
                "namespace_id": "1001",
                "simple": {
                    "limit": 1,
                    "period": 60
                }
            }
        ]
    }
"unsafe": {
        "bindings": [
            {
                "name": "RATE_LIMITER",
                "type": "ratelimit",
                "namespace_id": "1001",
                "simple": {
                    "limit": 1,
                    "period": 60
                }
            }
        ]
    }
relevant sample code: 
type AppType = {
    Variables: {
        rateLimit: boolean;
    };
    Bindings: {
        WEBHOOK_ID: string;
        WEBHOOK_TOKEN: string;
        RATE_LIMITER: RateLimit;
    };
};

const app = new Hono<AppType>().use(
    cloudflareRateLimiter<AppType>({
        rateLimitBinding: (c) => c.env.RATE_LIMITER,
        keyGenerator: (c) => "sameKeyEveryTime"
    }),
);

app.post("/tba", async (c) => {
  return c.text("not rate limited", 200);
});
type AppType = {
    Variables: {
        rateLimit: boolean;
    };
    Bindings: {
        WEBHOOK_ID: string;
        WEBHOOK_TOKEN: string;
        RATE_LIMITER: RateLimit;
    };
};

const app = new Hono<AppType>().use(
    cloudflareRateLimiter<AppType>({
        rateLimitBinding: (c) => c.env.RATE_LIMITER,
        keyGenerator: (c) => "sameKeyEveryTime"
    }),
);

app.post("/tba", async (c) => {
  return c.text("not rate limited", 200);
});
2 Replies
fisher
fisherOP2w ago
even when doing this: it log's out true (true as in not rate limited): 
const { success } = await c.env.RATE_LIMITER.limit({ key: "test " });
    console.log(`not RL: ${success}`);
const { success } = await c.env.RATE_LIMITER.limit({ key: "test " });
    console.log(`not RL: ${success}`);
flashblaze
flashblaze2w ago
This is my code and is working for me 
  cloudflareRateLimiter<Env>({
    rateLimitBinding: (c) => c.env.MY_RATE_LIMITER,
    keyGenerator: (c) => {
      try {
        const cookieData = JSON.parse(getCookie(c, getCookieName(c.env.ENVIRONMENT)) ?? '{}');
        return cookieData.userId ?? c.req.header('CF-Connecting-IP') ?? '';
      } catch (_err) {
        deleteCookie(c, getCookieName(c.env.ENVIRONMENT), getCookieOptions(c.env.ENVIRONMENT));
        return c.json({ message: 'Unauthorized' }, 401);
      }
    },
      handler: (c) => {
        deleteCookie(c, getCookieName(c.env.ENVIRONMENT), getCookieOptions(c.env.ENVIRONMENT));
        return c.json(
          {
            message: 'Rate limit exceeded',
          },
          429
        );
      },
  })
  cloudflareRateLimiter<Env>({
    rateLimitBinding: (c) => c.env.MY_RATE_LIMITER,
    keyGenerator: (c) => {
      try {
        const cookieData = JSON.parse(getCookie(c, getCookieName(c.env.ENVIRONMENT)) ?? '{}');
        return cookieData.userId ?? c.req.header('CF-Connecting-IP') ?? '';
      } catch (_err) {
        deleteCookie(c, getCookieName(c.env.ENVIRONMENT), getCookieOptions(c.env.ENVIRONMENT));
        return c.json({ message: 'Unauthorized' }, 401);
      }
    },
      handler: (c) => {
        deleteCookie(c, getCookieName(c.env.ENVIRONMENT), getCookieOptions(c.env.ENVIRONMENT));
        return c.json(
          {
            message: 'Rate limit exceeded',
          },
          429
        );
      },
  })
Can you share a minimal example?

Did you find this page helpful?