Dev Tools · 1h ago
Redis Sliding Window Rate Limiting Fixes API Burst Vulnerability
Fixed window rate limiting allows attackers to send 120 requests in 2 seconds by timing resets. A Redis sorted set sliding window algorithm looks back 60 seconds continuously, blocking bursts. The Laravel middleware removes old timestamps and checks counts atomically in sub-millisecond time.
Meridian48 take
Practical guide, but production rate limiting also needs distributed coordination and per-user keys, not just per-IP.
rate-limitingredis