Security Hub

Bring your software development workflows to security

rate limit

Rate Limiting

Signals & Triggers

On request
If predefined threshold is reached


  • block incoming http request block incoming http request
  • Send a slack notification Send a Slack notification
  • Send an email notification Send an email notification
  • POST to webhook
  • Set the http header
  • Log request stack trace


This plugin enables you to quickly deploy rate limit in your application. Rate limit consists in limiting the volume of HTTP requests a user or IP can perform in a given period of time (minute, hour, day).

All HTTP verbs are supported (GET, POST, PUT, PATCH and DELETE).

This plugin can enforce a global or a custom rate limit, per application route. For instance, the rate limit can be enforced only on the following app’s routes:

GET /users/sign_in 5 per hour

POST /users/:id/reset_password 2 per day

A 429 - Too many requests header is set in the HTTP response when the rate limit is reached.

Note: you can also apply the rate limit as an action from other plugins.

Advanced details

Each time a request is performed, this plugin reports it back to the Sqreen back end.

When the volume of requests distributed over all your application instances reaches the configured rate limit, the Sqreen librariesn deployed in your application will dynamically enforce the rate limit.

Language support

  • Ruby
  • Node.js
  • PHP
  • Python
  • Java

Data collected by Sqreen

  • Number of requests per application route
  • IP address
  • User account (Sqreen SDK)

On attack
  • IP address
  • User account (Sqreen SDK)

Built for developers and modern apps

Get up and running in minutes just by installing our lightweight library. Enable plugins in just a couple of clicks.

  • Node.js
  • Ruby
  • PHP
  • Python
  • Java
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9

$ npm install --save sqreen

$ echo '{ "token": "your token" }' > sqreen.json


// This should be the first line of your app


$ echo "gem 'sqreen'" >> Gemfile

$ bundle install

$ echo "token: your token" >> config/sqreen.yml

$ curl -s | bash

$ apt-get install --no-install-recommends sqreen-agent sqreen-php-extension

$ /usr/lib/sqreen/sqreen-installer config {your token}

$ pip install sqreen

$ echo -e '[sqreen]\ntoken: your token' >> sqreen.ini


# Insert at the top of your app file (typically or

import sqreen


$ curl -o sqreen-latest-all.jar


// Next, edit the JVM startup file:

-javaagent:/path/to/sqreen-agent.jar -Dsqreen.token={{your token}}

Build amazing products. Keep them safe.

3 min installation · Try all features for 7 days · No credit card required Get started Request demo