Skip to content
Stoma

rateLimit

rateLimit(config): Policy

Defined in: src/policies/traffic/rate-limit.ts:143

Rate limit requests with pluggable storage backends.

Defaults to client IP extraction via CF-Connecting-IP or X-Forwarded-For. Sets standard X-RateLimit-* response headers on every request and throws a 429 when the limit is exceeded.

Parameters

Section titled “Parameters”

config

Section titled “config”

RateLimitConfig

Rate limit settings. max is required; other fields have sensible defaults.

Returns

Section titled “Returns”

Policy

A Policy at priority 20 (runs after auth).

Example

Section titled “Example”
// 100 requests per minute per IP (in-memory)
rateLimit({ max: 100 });


// Custom key + Cloudflare KV store
rateLimit({
  max: 50,
  windowSeconds: 300,
  keyBy: (c) => c.req.header("x-user-id") ?? "anonymous",
  store: new KVRateLimitStore(env.RATE_LIMIT_KV),
});