ExpressJS - Slowing Down Responses



Slowing down responses is a technique websites use to control response delivery time. For example, a software download website may want to delay a response. A slow-down mechanism prevents a program from using system resources excessively and from using network resources unintentionally.

Combining response slow-down with rate limiting is key to making a website stronger and more resilient. We can use the express-slow-down middleware to achieve this.

Using express-slow-down dependency

In Express applications, we can use express-slow-down as a dependency to implement slow-down. The express-slow-down middleware controls the response time of an Express application. The following are its three important parameters.

  • windowMs − Time in milliseconds. Slow-down applies during this time. For example, to define a window of 10 minutes, we can set windowMs to 10 * 60 * 1000.

  • delayAfter − Maximum number of requests served at full speed within the time window. Responses to any further requests in the window are delayed.

  • delayMs − Delay in response time in milliseconds.

Installing express-slow-down dependency

We can use the following command to install the express-slow-down dependency using npm.

npm install express-slow-down

Initializing and using express-slow-down

var express = require('express');
// the variable name must match the slowDown(...) call below
const slowDown = require("express-slow-down");

var app = express();

// configure the slow-down limiter with a time window of 10 minutes
// and a maximum of 3 full-speed requests
const limiter = slowDown({
  windowMs: 10 * 60 * 1000,  // 10 minutes
  delayAfter: 3,  // the first 3 requests per 10 minutes are served at full speed
  delayMs: (hits) => hits * 100, // after the 3rd request, delay each response by hits * 100 ms
});

app.use(limiter);

app.get('/', function(req, res){
   res.send("Hello world!");
});

app.listen(3000);

Save the file, go to your terminal and type the following.

nodemon index.js
[nodemon] 3.1.9
[nodemon] to restart at any time, enter `rs`
[nodemon] watching path(s): *.*
[nodemon] watching extensions: js,mjs,cjs,json
[nodemon] starting `node index.js`

This will start the server. To test this app, open your browser and go to http://localhost:3000. The message "Hello world!" will be displayed.

Here we can see the response time is nearly 5 ms.

Now refresh the page 4 times. The browser will start loading the page only after a delay.

Here we can see the response is delayed by 400 ms (4th hit * 100 ms).

Explanation

In the app, we've imported express-slow-down and created a limiter with a time window of 10 minutes and a maximum of 3 full-speed requests per IP address. Then, using app.use(limiter), we've enabled our slow-down limiter in Express.

Now if a client makes more than 3 requests within a 10-minute window, the slow-down limiter will trigger and the browser will receive each response after a delay of 100 ms multiplied by the number of hits.
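The per-client window counter described above, as an added example that is not part of the original tutorial and is not express-slow-down's own code. It goes one step further and adds a delay cap and a hard request limit to show slow-down combined with rate limiting; the names createSlowDown, hit, maxDelayMs and limit, and the sample IP addresses, are assumptions made for illustration.

```javascript
// Dependency-free model of a fixed-window slow-down counter (illustrative only).
function createSlowDown({ windowMs, delayAfter, delayMs,
                          maxDelayMs = Infinity, limit = Infinity }) {
  // key (for example the client IP) -> { count, resetAt }
  // A production store would also evict expired entries to bound memory use.
  const hits = new Map();

  // Record one request for `key` at time `now` (ms) and decide how to treat it.
  return function hit(key, now = Date.now()) {
    let entry = hits.get(key);
    if (!entry || now >= entry.resetAt) {
      entry = { count: 0, resetAt: now + windowMs }; // a new window starts
      hits.set(key, entry);
    }
    entry.count += 1;

    // Hard rate limit: refuse instead of holding the connection open.
    if (entry.count > limit) {
      return { action: 'reject', status: 429, delay: 0 };
    }
    // Slow-down: full speed up to delayAfter, then a growing but capped delay.
    const delay = entry.count > delayAfter
      ? Math.min(delayMs(entry.count), maxDelayMs)
      : 0;
    return { action: 'serve', status: 200, delay };
  };
}

// Constructed traffic: one client sends 9 requests, one second apart.
function demo() {
  const windowMs = 10 * 60 * 1000;
  const hit = createSlowDown({
    windowMs, delayAfter: 3, delayMs: (h) => h * 100, maxDelayMs: 500, limit: 8,
  });
  const burst = [];
  for (let i = 0; i < 9; i++) burst.push(hit('203.0.113.7', i * 1000));
  return {
    delays: burst.map((r) => r.delay),
    statuses: burst.map((r) => r.status),
    otherClient: hit('198.51.100.9', 9000),     // counted separately per key
    afterReset: hit('203.0.113.7', windowMs),   // window expired, counter restarts
  };
}

console.log(demo());
```

Without a cap, the delay grows with every hit and each delayed response keeps a connection open, which is why the model bounds the delay and rejects requests past the limit.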
