A Go middleware for rate-limiting HTTP requests using token bucket algorithm with flexible key selection.
Tollbooth is a generic HTTP rate-limiting middleware for Go applications. It helps protect web services from excessive traffic by enforcing request limits based on various criteria like IP address, headers, HTTP methods, and basic auth usernames. It uses Go's embedded `time/rate` library with a token bucket algorithm for efficient, storage-free rate limiting.
Go developers building HTTP servers or web services that need to protect against traffic spikes, abuse, or ensure fair usage, particularly those using standard Go HTTP or frameworks like Gin, Chi, and Echo.
Developers choose Tollbooth for its simplicity, thread safety, and explicit configuration without external storage dependencies. Its unique selling point is flexible rate limiting by multiple request attributes (IP, headers, methods, basic auth) with customizable rejection handling and standard compliance headers.
Simple middleware to rate-limit HTTP requests.
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.
Supports rate limiting by IP, headers, HTTP methods, and basic auth usernames, allowing precise control over diverse request attributes as shown in the features section.
Uses Go's embedded time/rate library with a token bucket algorithm, eliminating external storage dependencies and reducing complexity.
Allows custom messages, content types, and callback functions when limits are reached, enabling tailored responses for API clients.
Provides RateLimit and X-Rate-Limit headers for both successful and rejected requests, aiding in API client integration and standards adherence.
Major version updates are backward-incompatible, as noted in the README, requiring code adjustments and migration efforts for upgrades.
Relies solely on token bucket with fixed per-second limits; the README mentions duration isn't changeable, restricting support for custom time windows or sliding algorithms.
Framework integrations (e.g., Gin, Echo) rely on community-contributed shims, which may vary in maintenance and reliability, as acknowledged in the README.