Disable or Adjust Laravel Rate Limiter: A Step-by-Step Guide

The Laravel framework includes a powerful rate limiter middleware to protect your application from excessive requests. It can be applied to any route your application has. By default, however, Laravel applies it to all routes starting with /api.

In some cases, you may need to adjust or disable the rate limiter to accommodate specific requirements and avoid the “429 Too Many Requests” error.

In this guide, we’ll walk you through the steps to either disable or adjust the Laravel rate limiter.

Step 1: Locate the Rate Limiter Middleware

The rate limiter settings are defined in the app/Http/Kernel.php file. To disable the rate limiter, we’ll need to make changes to this file. Open your Laravel project and locate Kernel.php.

Step 2: Comment Out the Throttle Middleware

Inside Kernel.php, find the ‘api’ group in the $middlewareGroups array. By default, Laravel applies the rate-limiting middleware only to the api group. The web group is typically used for web routes that users open in a browser, while the api group is used for API routes called behind the scenes by scripts and applications.

If you want to disable the rate limiter for API routes, find the following line within the api middleware group and comment it out. Note that the line can look slightly different depending on your Laravel version:

        \Illuminate\Routing\Middleware\ThrottleRequests::class.':api', // Laravel 10 and newer
        'throttle:api', // Laravel 9 and 8
        'throttle:60,1', // Laravel 7 and 6

Here’s an example of how it might look after commenting it out (using Laravel 10 or newer):

        'api' => [
            // \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
            // \Illuminate\Routing\Middleware\ThrottleRequests::class.':api',
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],

Step 3: Adjust Rate Limit Settings

For an API in production use, I recommend tweaking the limits instead of disabling the rate-limiting completely.

If you prefer to keep rate limiting in place but want to modify the limits, you can adjust the throttle middleware’s parameters. The format is 'throttle:requests,minutes': the first number is the maximum number of requests and the second is the time window in minutes.

For example, to limit requests to 60 per minute, you can use:

        'api' => [
            // \Laravel\Sanctum\Http\Middleware\EnsureFrontendRequestsAreStateful::class,
            'throttle:60,1',
            \Illuminate\Routing\Middleware\SubstituteBindings::class,
        ],

In this example, it limits API requests to 60 per minute. You can adjust the numbers as needed for your specific use case.

Step 4: Save the Changes

After making the necessary adjustments to Kernel.php, save the file. You should now be able to open the route as many times as needed without seeing the 429 Too Many Requests error. You can test this, for example, by opening the route in the browser and pressing F5 quickly many times 🙂

Frequently Asked Questions

How to remove rate limiting only for a specific API route?

  1. First, remove global rate limiting by editing app/Http/Kernel.php, scrolling to $middlewareGroups and commenting out the lines ThrottleRequests::class and, if present, throttle:60,1
  2. Apply rate limiting only to a group of routes by editing routes/api.php and using the following code:

        // Routes outside the group (without ThrottleRequests middleware)
        Route::get('/public-route', function () {
            dd('public-route');
        });

        // Routes inside the group (with ThrottleRequests middleware;
        // without parameters it defaults to 60 requests per minute)
        Route::middleware([\Illuminate\Routing\Middleware\ThrottleRequests::class])->group(function () {
            Route::get('/protected-route-1', function () {
                dd('protected-route-1');
            });
            Route::get('/protected-route-2', function () {
                dd('protected-route-2');
            });
        });
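
On Laravel 8 and newer, where the Kernel entry is 'throttle:api' or ThrottleRequests::class.':api', the limits from Step 3 and the single-route exemption asked about here can both be set in the named 'api' limiter, leaving the throttle line in the Kernel enabled. The following is an added example, not code from the original article; it assumes the default app/Providers/RouteServiceProvider.php layout and the default api prefix, and the 120 and 60 request budgets are illustrative values.

```php
<?php
// app/Providers/RouteServiceProvider.php (default Laravel 8-10 layout, assumed)
namespace App\Providers;

use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Foundation\Support\Providers\RouteServiceProvider as ServiceProvider;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\Facades\Route;

class RouteServiceProvider extends ServiceProvider
{
    public function boot()
    {
        // 'api' is the limiter name that 'throttle:api' and
        // ThrottleRequests::class.':api' in the Kernel refer to.
        RateLimiter::for('api', function (Request $request) {
            // Exempt only the /public-route from the FAQ; every other
            // API route stays throttled. Assumes the default 'api' prefix.
            if ($request->is('api/public-route')) {
                return Limit::none();
            }

            // Authenticated clients: illustrative higher budget, keyed per user.
            if ($user = $request->user()) {
                return Limit::perMinute(120)->by('user:'.$user->getAuthIdentifier());
            }

            // Anonymous clients: illustrative default budget, keyed per IP.
            return Limit::perMinute(60)->by('ip:'.$request->ip());
        });

        // Standard route registration from the default provider.
        $this->routes(function () {
            Route::middleware('api')->prefix('api')->group(base_path('routes/api.php'));
            Route::middleware('web')->group(base_path('routes/web.php'));
        });
    }
}
```

Keying the limit per user or per IP means one noisy client exhausts only its own budget instead of triggering 429 responses for everyone.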

Conclusion

Disabling or adjusting the Laravel rate limiter can be useful for handling specific scenarios where rate limiting may not be suitable. By following these steps and editing the Kernel.php file, you can effectively fix the “429 Too Many Requests” error and tailor the rate limiting to your application’s needs.

It’s important to note that rate limiting serves a crucial purpose in protecting your application from excessive requests. By controlling the rate at which requests are made, it helps prevent server overload and ensures fair usage of your resources. Therefore, before deciding to disable it entirely, carefully consider your application’s requirements and the potential impact on its performance.

Happy coding!

Johan van den Broek

Johan is the creator of laracoding.com. As a child, he began tinkering with various programming languages, many of which have been long forgotten today. Currently, he works exclusively with PHP, and his passion for programming remains to this day.
