Rate-limiting is a vital security practice in our applications.
For logged-in users, it's easy to limit per user and be very granular. But we also need to protect sensitive routes, like our login flow, from abuse by unauthenticated users.
Since we don't yet have a user identified, a common approach is to rate limit using the IP address, but that presents a wrinkle: What if our app is hosted behind a tool like Cloudflare that proxies all user traffic?
In today's video, I'll show how we can set up our TrustProxies middleware to trust Cloudflare, but not open it up to the world.
And after watching, don't forget to subscribe to our YouTube channel, so you don't miss future videos.
Here to help,
Joel
P.S. Download our free security ebook and check 7 quick ways to make your app more secure.
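
One way to configure this, as an added example that is not taken from the video or from the author's code: a class-based Laravel TrustProxies middleware that accepts forwarding headers only from Cloudflare's address ranges. The file path and the CIDR snapshot are assumptions; check the ranges against Cloudflare's published lists before relying on them.

```php
<?php
// app/Http/Middleware/TrustProxies.php (assumed path, class-based middleware layout)

namespace App\Http\Middleware;

use Illuminate\Http\Middleware\TrustProxies as Middleware;
use Illuminate\Http\Request;

class TrustProxies extends Middleware
{
    // Weak setting, shown for contrast: forwarding headers are accepted from
    // any peer, so a client that connects to the app directly supplies its own
    // X-Forwarded-For and the IP-keyed rate limiter keys on that value.
    // protected $proxies = '*';

    /**
     * Only peers inside Cloudflare's ranges may set forwarding headers.
     * Snapshot typed in for illustration (assumption: still current); refresh
     * from https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6
     *
     * @var array<int, string>
     */
    protected $proxies = [
        // IPv4
        '173.245.48.0/20', '103.21.244.0/22', '103.22.200.0/22',
        '103.31.4.0/22', '141.101.64.0/18', '108.162.192.0/18',
        '190.93.240.0/20', '188.114.96.0/20', '197.234.240.0/22',
        '198.41.128.0/17', '162.158.0.0/15', '104.16.0.0/13',
        '104.24.0.0/14', '172.64.0.0/13', '131.0.72.0/22',
        // IPv6
        '2400:cb00::/32', '2606:4700::/32', '2803:f800::/32',
        '2405:b500::/32', '2405:8100::/32', '2a06:98c0::/29',
        '2c0f:f248::/32',
    ];

    // Honor only the headers needed to recover the client IP and scheme.
    protected $headers =
        Request::HEADER_X_FORWARDED_FOR |
        Request::HEADER_X_FORWARDED_PROTO;
}
```

With this in place, `$request->ip()` returns the visitor's address for traffic that arrived through Cloudflare and the socket peer's address for anything else, so a limiter keyed on it counts the real client in both cases.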