A common technique to protect applications from brute-force attacks is rate-limiting. Many Express packages exist to provide a rate-limiting feature. A popular one is express-rate-limit.
Start by installing the required package:
Once the installation is complete, apply the rate-limiter as global middleware.
When there is a load balancer or reverse proxy between the server and the internet, Express may need to be configured to trust the headers set by the proxy in order to get the correct IP for the end user. To do so, first use the NestExpressApplication platform interface when creating your app instance, then enable the trust proxy setting:
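Why the trust proxy setting matters for a per-IP limiter, shown as an added example (not code from the NestJS documentation or from express-rate-limit): a simplified, dependency-free model of Express's numeric trust proxy hop count feeding a fixed-window counter. The function names, the limit of 5 and all addresses are assumptions constructed for illustration.

```typescript
// Simplified model (an assumption) of Express's numeric `trust proxy` hop count.
// All names, limits and addresses are constructed samples.
interface Hit { user: string; socketAddr: string; xForwardedFor?: string }

// trustedHops = 0: proxy headers are ignored, the socket peer is the client.
// trustedHops = n: skip n trusted hops, counting back from the socket peer.
// Entries further left were not written by a trusted proxy and are ignored.
function clientIp(hit: Hit, trustedHops: number): string {
  const forwarded = (hit.xForwardedFor || '')
    .split(',').map((s) => s.trim()).filter((s) => s.length > 0);
  const chain = forwarded.concat([hit.socketAddr]); // rightmost = direct peer
  const idx = Math.max(chain.length - 1 - trustedHops, 0);
  return chain[idx] || hit.socketAddr;
}

// Fixed-window counter keyed by whatever clientIp() returned.
function createLimiter(windowMs: number, max: number): (key: string, now: number) => boolean {
  const buckets: Record<string, { count: number; resetAt: number } | undefined> = Object.create(null);
  return (key: string, now: number): boolean => {
    let b = buckets[key];
    if (!b || now >= b.resetAt) {
      b = { count: 0, resetAt: now + windowMs };
      buckets[key] = b;
    }
    b.count += 1;
    return b.count <= max;
  };
}

// Replays hits through one limiter and counts rejections per real user.
function rejectedPerUser(hits: Hit[], trustedHops: number, max: number): Record<string, number> {
  const allow = createLimiter(60000, max);
  const rejected: Record<string, number> = {};
  hits.forEach((h, i) => {
    const ok = allow(clientIp(h, trustedHops), i); // i = constructed timestamp in ms
    rejected[h.user] = (rejected[h.user] || 0) + (ok ? 0 : 1);
  });
  return rejected;
}

// Constructed traffic: two users behind one proxy that appends X-Forwarded-For.
const PROXY = '10.0.0.5';
const SAMPLE_HITS: Hit[] = [];
for (let i = 0; i < 6; i++) SAMPLE_HITS.push({ user: 'alice', socketAddr: PROXY, xForwardedFor: '203.0.113.10' });
for (let i = 0; i < 2; i++) SAMPLE_HITS.push({ user: 'bob', socketAddr: PROXY, xForwardedFor: '198.51.100.7' });

console.log(rejectedPerUser(SAMPLE_HITS, 0, 5)); // { alice: 1, bob: 2 }
console.log(rejectedPerUser(SAMPLE_HITS, 1, 5)); // { alice: 1, bob: 0 }
```

With no trusted hop, every request is keyed by the proxy address, so bob is rejected because of alice's traffic; with one trusted hop, each client gets its own bucket. The hop count should match the number of proxies actually in front of the server.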
Hint: If you use the FastifyAdapter, use the fastify-rate-limit package instead.