Screencast
19. Rate limiting a Phoenix application with Hammer
Securing Login Attempts with Rate Limiting
In this video, we're going to boost the security of our Phoenix application by adding rate limiting using the Hammer library. We'll start by securing our login process to prevent brute force attacks and protect user accounts. I'll show you how to set up Hammer to track and restrict excessive login attempts, ensuring unauthorized users can't try unlimited times. We'll also write a test to make sure it works as expected.
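The login protection described above, written out as an added example (this is not the screencast's code). It assumes Hammer 6.x, whose `Hammer.check_rate/3` returns `{:allow, count}` or `{:deny, limit}`, with the ETS backend configured in `config/config.exs`; the module, context and route names (`MyAppWeb`, `Accounts`, `/users/log_in`) follow the phx.gen.auth layout and are assumptions. The bucket is keyed on the target account rather than the source address, so rotating IPs does not reset the counter; a second per-IP bucket can be layered on top.

```elixir
# config/config.exs (Hammer 6.x, single-node ETS backend, assumed):
#
#   config :hammer,
#     backend: {Hammer.Backend.ETS,
#               [expiry_ms: 60_000 * 60 * 4, cleanup_interval_ms: 60_000 * 10]}

defmodule MyAppWeb.UserSessionController do
  use MyAppWeb, :controller

  alias MyApp.Accounts
  alias MyAppWeb.UserAuth

  # At most 5 attempts per e-mail address within a 15-minute window.
  @login_limit 5
  @login_window_ms :timer.minutes(15)

  def create(conn, %{"user" => %{"email" => email, "password" => password}}) do
    # Normalise the key so "Alice@Example.com" and "alice@example.com" share a bucket.
    key = "login:" <> String.downcase(email)

    case Hammer.check_rate(key, @login_window_ms, @login_limit) do
      {:allow, _count} ->
        if user = Accounts.get_user_by_email_and_password(email, password) do
          UserAuth.log_in_user(conn, user)
        else
          # Same message for unknown e-mail and wrong password: no account enumeration.
          conn
          |> put_flash(:error, "Invalid email or password")
          |> render(:new, error_message: "Invalid email or password")
        end

      {:deny, _limit} ->
        # The attempt is refused before the password is even checked.
        conn
        |> put_status(:too_many_requests)
        |> put_flash(:error, "Too many login attempts. Please try again later.")
        |> render(:new, error_message: "Too many login attempts")
    end
  end
end

# test/my_app_web/controllers/user_session_controller_test.exs
# The ETS bucket table is global to the VM, so this test must not run async
# and uses an e-mail address no other test touches.
defmodule MyAppWeb.UserSessionControllerTest do
  use MyAppWeb.ConnCase, async: false

  test "the sixth failed login for the same e-mail is rate limited", %{conn: conn} do
    params = %{"user" => %{"email" => "ratelimit-test@example.com", "password" => "wrong"}}

    # Five failures are answered normally (the form is re-rendered with an error).
    for _ <- 1..5 do
      assert post(conn, ~p"/users/log_in", params).status == 200
    end

    # The sixth attempt inside the window is refused with 429.
    assert post(conn, ~p"/users/log_in", params).status == 429
  end
end
```

Hammer counts allowed and refused requests alike inside the window, so once the limit is hit further attempts keep being refused until the window expires; if that is too strict for real users, pair it with a lockout notification rather than raising the limit.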
Creating a Custom Plug for Application-wide Rate Limiting
After securing the login, we'll create a custom plug to apply rate limiting across the entire application. This plug will help manage the number of requests users can make, preventing abuse and keeping our app responsive even under heavy traffic. We'll handle critical aspects like extracting the user's remote IP from the connection, which is essential for tracking the number of requests from each IP address.
Applying Rate Limiting to API Endpoints and Handling Remote IPs
We'll address an important gotcha when deploying your app behind a firewall or proxy server by using the RemoteIp library to accurately extract the client's IP address from request headers. Then, we'll apply rate limiting to API endpoints by leveraging each team's predefined rate limit stored in the database. This ensures that our application effectively manages resource usage while maintaining high performance.
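The application-wide plug, the proxy-aware IP extraction and the per-team API limit from the two sections above, as one added example that is not the screencast's code. It assumes Hammer 6.x (`Hammer.check_rate/3`) and the `remote_ip` hex package (`plug RemoteIp`); `MyAppWeb`, the `:current_team` assign set by an earlier authentication plug, and the `team.rate_limit` column (requests per minute) are assumptions.

```elixir
defmodule MyAppWeb.Plugs.RateLimit do
  @moduledoc "Application-wide limit keyed on the client IP. Options: :limit, :window_ms."
  import Plug.Conn
  @behaviour Plug

  @impl true
  def init(opts), do: Keyword.merge([limit: 100, window_ms: :timer.minutes(1)], opts)

  @impl true
  def call(conn, opts) do
    key = "ip:" <> ip_string(conn.remote_ip)

    case Hammer.check_rate(key, opts[:window_ms], opts[:limit]) do
      {:allow, _count} ->
        conn

      {:deny, _limit} ->
        conn
        |> put_resp_header("retry-after", Integer.to_string(div(opts[:window_ms], 1000)))
        |> send_resp(429, "Too Many Requests")
        |> halt()
    end
  end

  # conn.remote_ip is an :inet tuple ({127, 0, 0, 1}, or an 8-tuple for IPv6);
  # render it as text so it can be embedded in the bucket key.
  def ip_string(ip), do: ip |> :inet.ntoa() |> to_string()
end

defmodule MyAppWeb.Plugs.ApiRateLimit do
  @moduledoc "Per-team limit for the API, read from the team record loaded by the auth plug."
  import Plug.Conn
  @behaviour Plug

  @impl true
  def init(opts), do: opts

  @impl true
  def call(%{assigns: %{current_team: team}} = conn, _opts) do
    case Hammer.check_rate("team:#{team.id}", :timer.minutes(1), team.rate_limit) do
      {:allow, count} ->
        # Surface the quota to API clients so well-behaved ones can back off early.
        conn
        |> put_resp_header("x-ratelimit-limit", Integer.to_string(team.rate_limit))
        |> put_resp_header("x-ratelimit-remaining", Integer.to_string(team.rate_limit - count))

      {:deny, _limit} ->
        conn
        |> put_resp_header("retry-after", "60")
        |> put_resp_content_type("application/json")
        |> send_resp(429, Jason.encode!(%{error: "rate limit exceeded"}))
        |> halt()
    end
  end

  # No authenticated team on the conn: leave it to the auth plug's own 401.
  def call(conn, _opts), do: conn
end

# lib/my_app_web/endpoint.ex
# RemoteIp must run before any plug that reads conn.remote_ip, and only addresses
# in :proxies are trusted to set X-Forwarded-For. Without that restriction a client
# can send its own X-Forwarded-For and pick whichever bucket it likes.
# (The 10.0.0.0/8 range stands in for the real proxy network.)
#
#   plug RemoteIp, headers: ["x-forwarded-for"], proxies: ["10.0.0.0/8"]
#   plug MyAppWeb.Plugs.RateLimit, limit: 300, window_ms: :timer.minutes(1)
#   plug MyAppWeb.Router

# lib/my_app_web/router.ex, after the plug that authenticates the API key:
#
#   pipeline :api do
#     plug :accepts, ["json"]
#     plug MyAppWeb.Plugs.ApiAuth          # sets conn.assigns.current_team (assumed)
#     plug MyAppWeb.Plugs.ApiRateLimit
#   end
```

Two things to check before shipping this: the ETS backend keeps counters per node, so a multi-node deployment needs a shared backend (Hammer ships a Redis one) or each node will enforce its own independent limit; and `conn.remote_ip` without RemoteIp is the proxy's address, so every user behind the same load balancer would share one bucket.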