Allow guest clients to be rate limited, using their IP as the identifier.
The preferred way to install this extension is through composer.
Either run
php composer.phar require andreyv/yii2-ip-ratelimiter "2.*"
or add
"andreyv/yii2-ip-ratelimiter": "2.*"
to the require section of your composer.json
file.
Modify the bahavior method of the controller you want to rate limit
public function behaviors()
{
$behaviors = parent::behaviors();
$behaviors['rateLimiter'] = [
// Use class
'class' => \andreyv\ratelimiter\IpRateLimiter::class,
// The maximum number of allowed requests
'rateLimit' => 100,
// The time period for the rates to apply to
'timePeriod' => 600,
// Separate rate limiting for guests and authenticated users
// Defaults to false
// - false: use one set of rates, whether you are authenticated or not
// - true: use separate ratesfor guests and authenticated users
'separateRates' => true,
// Whether to return HTTP headers containing the current rate limiting information
'enableRateLimitHeaders' => false,
// Array of actions on which to apply ratelimiter, if empty - applies to all actions
'actions' => ['index'],
// Allows to skip rate limiting for test environment
'testMode' => true,
// Defines whether proxy enabled, list of headers getting from request ipHeaders. By default ['X-Forwarded-For']
'proxyEnabled' => false
];
return $behaviors;
}
Forked from ethercreative/yii2-ip-ratelimiter.