Enhance Security for NodeJS Application
1. Limiting the number of requests

Limiting the number of requests a single IP address may make within a given time window is a method used to mitigate denial-of-service (DoS, DDoS) attacks and brute-force attacks that could overload your server. If you're using Express, integrating this is quite straightforward with the express-rate-limit package.

```javascript
import express from 'express'
import helmet from 'helmet'
import expressRateLimit from 'express-rate-limit'

const app = express()

const limiter = expressRateLimit({
  windowMs: 10 * 60 * 1000, // ms, ~10 minutes
  max: 50, // limit each IP to 50 requests per window
})

const specificLimiter = expressRateLimit({
  windowMs: 60 * 60 * 1000, // 1 hour window
  max: 2, // start blocking after 2 requests
  message: 'Too many requests', // body sent with the default 429 TOO MANY REQUESTS
})

app
  .use(limiter) // apply to all routes
  .use('/common', (req, res) => {
    res.json({ status: 'ok' })
  })
```
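To make the windowMs / max semantics concrete, here is an added example (not code from the original post or from express-rate-limit) of a minimal fixed-window limiter keyed by client IP, run against a constructed request log that uses the post's "2 requests per hour" policy. The IP addresses and timings are constructed sample data.

```javascript
// Minimal fixed-window rate limiter with the same windowMs / max options
// as the express-rate-limit configuration discussed above (added example).
function createRateLimiter({ windowMs, max }) {
  const hits = new Map(); // ip -> { count, resetAt }

  // Decide whether a request from `ip` arriving at time `now` (ms) is allowed.
  function check(ip, now = Date.now()) {
    let entry = hits.get(ip);
    // Open a fresh window when the IP is new or its previous window has expired.
    if (!entry || now >= entry.resetAt) {
      entry = { count: 0, resetAt: now + windowMs };
      hits.set(ip, entry);
    }
    entry.count += 1;
    const allowed = entry.count <= max;
    return {
      allowed,
      status: allowed ? 200 : 429, // 429 TOO MANY REQUESTS once max is exceeded
      remaining: Math.max(0, max - entry.count),
      retryAfterMs: allowed ? 0 : entry.resetAt - now, // basis for a Retry-After header
    };
  }
  return { check };
}

// Replay a list of [ip, offsetMs] pairs through a limiter and record the decisions.
function simulate(limiter, requests, startMs = 0) {
  return requests.map(([ip, offsetMs]) => {
    const r = limiter.check(ip, startMs + offsetMs);
    return { ip, offsetMs, status: r.status, retryAfterMs: r.retryAfterMs };
  });
}

// Constructed sample log exercising the "2 requests per hour per IP" policy.
const sampleRequests = [
  ['198.51.100.7', 0],
  ['198.51.100.7', 1000],
  ['198.51.100.7', 2000],            // third request inside the window: blocked
  ['203.0.113.9', 2500],             // a different IP keeps its own counter
  ['198.51.100.7', 60 * 60 * 1000],  // window expired: allowed again
];

const results = simulate(
  createRateLimiter({ windowMs: 60 * 60 * 1000, max: 2 }),
  sampleRequests
);
console.log(results);
```

Because the counter is keyed by client IP, the key is only as trustworthy as the address Express reports: behind a reverse proxy, configure Express's `trust proxy` setting so `req.ip` reflects the real client rather than the proxy, and avoid trusting `X-Forwarded-For` from untrusted hops.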