BorisTheTripper

Is throttle middleware route-specific?

I have the following two routes defined:

Route::middleware('auth')->group(function () {
    Route::get('verify-email/{code}', VerifyEmailController::class)
                ->middleware('throttle:6,1')
                ->name('verification.verify');

    Route::post('email/verification-notification', [EmailVerificationNotificationController::class, 'store'])
                ->middleware('throttle:1,0.5')
                ->name('verification.send');
});

For the first route, the rate limit is 6 requests per minute, and for the other 1 request per 30 seconds. However, for some reason, if I try to call email/verification-notification within 30 seconds of calling verify-email/{code}, I get greeted with 429! Is this expected behavior in Laravel? I'm very confused, because my impression was that ->middleware('throttle') is applied on a per-route basis.

P.S. More than 30 seconds definitely pass between calls to email/verification-notification.

vincent15000

I'm not sure, but I think that you can't use non-integer values.

throttle:1,0.5
JussiMannisto

Not by default. You need to pass a key prefix as the third parameter, e.g.:

Route::post('email/verification-notification', [EmailVerificationNotificationController::class, 'store'])
	->middleware('throttle:3,1,verify-email')
	->name('verification.send');

Throttled requests are recorded using a string key. In the example above, the key would be a combination of the string 'verify-email' plus a user identifier. That's the user's ID for authorized users, and IP address for guests.

If you want different logic, you can define your own route rate limiters:

https://laravel.com/docs/11.x/routing#rate-limiting
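
A sketch of the custom route rate limiters mentioned in the answer above, added here as an example and not code from the thread or from Laravel itself. It assumes Laravel 11 (for `Limit::perSecond`); the limiter names `verify-email` and `verification-send` and the `throttleKey` helper are hypothetical.

```php
<?php
// app/Providers/AppServiceProvider.php
// Added example: one named limiter per endpoint, so each route keeps its
// own counter even though both are keyed by the same user.

namespace App\Providers;

use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    public function boot(): void
    {
        // Submitting a verification code: 6 attempts per minute.
        RateLimiter::for('verify-email', function (Request $request) {
            return Limit::perMinute(6)->by($this->throttleKey($request));
        });

        // Re-sending the notification: 1 request per 30 seconds.
        // Integer seconds replace the fractional-minute 'throttle:1,0.5'.
        RateLimiter::for('verification-send', function (Request $request) {
            return Limit::perSecond(1, 30)->by($this->throttleKey($request));
        });
    }

    // Hypothetical helper: user ID when authenticated, client IP otherwise.
    private function throttleKey(Request $request): string
    {
        return (string) ($request->user()?->getAuthIdentifier() ?? $request->ip());
    }
}

// routes/web.php: reference the limiters by name instead of 'throttle:6,1'.
//
// Route::middleware('auth')->group(function () {
//     Route::get('verify-email/{code}', VerifyEmailController::class)
//         ->middleware('throttle:verify-email')
//         ->name('verification.verify');
//
//     Route::post('email/verification-notification',
//             [EmailVerificationNotificationController::class, 'store'])
//         ->middleware('throttle:verification-send')
//         ->name('verification.send');
// });
```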
