express-rate-limit with static

Question

I have VPS with express and react bundle. The problem is that I get the same IP address (localhost) when I access the API from the frontend, therefore I cannot correctly use the express-rate-limit.

I have an express server:

const apiLimiter = rateLimit({
  windowMs: 1 * 60 * 1000,
  max: 30
});

app.use("/api/", apiLimiter);

app.use(express.static('client/build'));
app.get('*', (req, res) => {
  res.sendFile(path.resolve(__dirname, 'client', 'build', 'index.html'));
});

and proxy config in package.json of frontend:

"proxy": "http://localhost:3000/"

How to fix it and use express-rate-limit correctly?

score 1 · Answer 1 · answered Dec 05 '20 at 21:43

1

Per https://www.npmjs.com/package/express-rate-limit#usage

app.set('trust proxy', 1)

answered Dec 05 '20 at 21:43

Michael Hobbs

1,663
1
15
26

Going to need a lot more details then. Trust proxy will only work if your webserver is sending the correct headers. What's you stack and I assuming your going from HTTPS to HTTP via the webserver proxy? How are you testing this? Does it work in dev? – Michael Hobbs Dec 05 '20 at 23:28

express-rate-limit with static

1 Answers1