Laravel Advanced Rate Limiting Package


An advanced rate limiting package for Laravel with exponential backoff, custom messages, and built-in Blade components. This package provides comprehensive protection against DDoS attacks, brute force attempts, and other malicious activities while maintaining a positive user experience for legitimate users.

Features

  • Multi-layered protection with configurable limits for different authentication endpoints
  • Intelligent backoff strategies (linear, Fibonacci, and exponential)
  • Granular limit types (global, per-email, per-IP, per-session, per-username+IP)
  • Progressive user feedback with proactive warnings before lockouts
  • Context-aware messaging with intelligent suggestions based on the situation
  • Built-in Blade components for error and warning messages
  • Comprehensive logging and monitoring capabilities
  • Flexible configuration with easy enable/disable controls

In short, this package extends Laravel's basic rate limiting with features tailored to authentication security, so you can put robust protection against brute force attacks in place without building those features yourself.

Architecture

The system is built around a dedicated service provider that implements a configuration-driven approach:

  • Separation of concerns: Rate limiting logic is isolated from application logic
  • Configuration-driven design: All limiters are defined in a single, maintainable configuration array
  • Extensible architecture: New limiters and limit types can be added with minimal code changes
  • Performance optimized: Uses Laravel's cache system with efficient key generation
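
The backoff strategies and limit types listed under Features, together with the cache key generation mentioned above, sketched as an added example in plain PHP; it is not the package's own code. The function names, the strategy and type identifiers, the 30-second base, the one-hour cap and the key layout are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added illustration, not the package's API. Every name below is hypothetical.

/** Lockout in seconds after $failures consecutive failed attempts. */
function backoffSeconds(string $strategy, int $failures, int $base = 30, int $cap = 3600): int
{
    if ($failures < 1) {
        return 0;
    }
    $multiplier = match ($strategy) {
        'linear'      => $failures,                    // grows by one base unit per failure
        'fibonacci'   => fibonacci($failures),         // slow start, then accelerates
        'exponential' => 2 ** min($failures - 1, 20),  // doubles; exponent clamped to avoid overflow
        default       => throw new InvalidArgumentException("Unknown strategy: $strategy"),
    };
    return min($base * $multiplier, $cap);             // the cap keeps lockouts bounded
}

function fibonacci(int $n): int
{
    [$a, $b] = [0, 1];
    for ($i = 0, $n = min($n, 40); $i < $n; $i++) {    // clamp so the sum stays an int
        [$a, $b] = [$b, $a + $b];
    }
    return $a;
}

/** Cache key for one limit type; only the fields that type needs are read. */
function limiterKey(string $type, array $ctx): string
{
    $norm = fn (string $v): string => strtolower(trim($v));
    $id = match ($type) {
        'global'      => 'all',
        'email'       => $norm($ctx['email']),
        'ip'          => $ctx['ip'],
        'session'     => $ctx['session'],
        'username_ip' => $norm($ctx['username']) . '|' . $ctx['ip'],
        default       => throw new InvalidArgumentException("Unknown limit type: $type"),
    };
    // Hashing keeps user-supplied identifiers out of cache keys and fixes the key length.
    return "login:{$type}:" . hash('sha256', $id);
}

// Constructed sample: five failed logins for one account from one address.
$ctx = ['email' => ' Alice@Example.com ', 'username' => 'alice', 'ip' => '203.0.113.7', 'session' => 'sess-constructed'];
foreach (['linear', 'fibonacci', 'exponential'] as $strategy) {
    $delays = array_map(fn (int $n): int => backoffSeconds($strategy, $n), range(1, 5));
    printf("%-12s %s\n", $strategy, implode(', ', $delays));
}
echo limiterKey('username_ip', $ctx), "\n";
```

Normalising the email and username before hashing matters for the per-email and per-username+IP limits: without it, case or whitespace variants of the same account would each get a fresh counter.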

Requirements

  • PHP 8.2 or higher
  • Laravel 10.x, 11.x, or 12.x