How do I integrate Symfony Rate Limiter with Laravel’s throttle middleware?

Replace Laravel’s built-in throttle middleware with a custom middleware using `RateLimiterFactory`. Inject the limiter into your middleware and call `$limiter->reserve()->wait()` before processing requests. This ensures consistent token bucket behavior across all endpoints, including those protected by `throttle`.

Can I use Redis for distributed rate limiting in a Laravel Kubernetes cluster?

Yes, configure `RateLimiterFactory` with a Redis-backed storage (e.g., `RedisStorage`) to share rate limits across all instances. This avoids contention and ensures consistent limits even with horizontal scaling. Redis adds ~5ms latency but is essential for distributed setups.

What’s the difference between `reserve()->wait()` and `consume()` in Symfony Rate Limiter?

`reserve()->wait()` blocks execution until tokens are available, ideal for critical operations like logins or payments. `consume()` checks immediately and returns a boolean, letting you skip work if limits are exceeded—useful for non-blocking scenarios like background jobs or optional features.

How do I set up compound rate limits (e.g., per-IP *and* per-user) in Laravel?

Use `CompoundRateLimiterFactory` to combine multiple limiters (e.g., one for IP, one for user ID). Configure each with its own policy (e.g., `token_bucket`) and storage. This is perfect for SaaS apps where you need multi-dimensional protection without overcomplicating logic.

Will Symfony Rate Limiter work with Laravel Queues (e.g., Job::handle())?

Absolutely. Inject the limiter into your job’s `handle()` method and call `$limiter->consume(1)->isAccepted()` before processing. This prevents queue workers from overwhelming resources during traffic spikes, similar to how you’d protect API endpoints.

What’s the best storage backend for production Laravel apps with high traffic?

For production, use Redis or Memcached for distributed storage to avoid single-instance bottlenecks. In-memory storage is fine for single-server setups but won’t scale. Always configure a fallback (e.g., database or deny-all) if Redis fails to prevent service degradation.

How do I dynamically adjust rate limits (e.g., via config or API) in Laravel?

Rebuild the `RateLimiterFactory` with new limits when config changes (e.g., via `config('rate_limits.login')`). Cache the factory as a singleton in Laravel’s service container to avoid recreating it on every request. For real-time adjustments, use a cache driver like Redis to store limits.

Does Symfony Rate Limiter support Retry-After headers for HTTP APIs?

Yes, the component automatically calculates `Retry-After` headers (RFC 6585) when using `reserve()->wait()`. This improves API client UX by telling them exactly when to retry, reducing support tickets and failed requests.

How can I test rate limiting in Laravel with load testing tools like k6?

Mock the storage layer in unit tests (e.g., `InMemoryStorage`) to simulate token acquisition. For load testing, use k6 to send rapid requests and verify `Retry-After` headers or HTTP 429 responses. Compare results against your expected token bucket behavior.

What are the alternatives to Symfony Rate Limiter for Laravel, and when should I choose them?

Laravel’s built-in `throttle` middleware is simpler but uses fixed windows, not token buckets. For advanced use cases (e.g., compound limits, serverless), Symfony’s component is superior. If you need Redis-based rate limiting with minimal setup, consider `spatie/laravel-rate-limiting`. Choose Symfony for flexibility and HTTP compliance.

Weave Code

Code Weaver

Helps Laravel developers discover, compare, and choose open-source packages. See popularity, security, maintainers, and scores at a glance to make better decisions.

Rate Limiter Laravel Package

symfony/rate-limiter

Symfony Rate Limiter provides token bucket rate limiting for your app. Create limiters with RateLimiterFactory and a storage backend (e.g., in-memory), then reserve tokens with blocking waits or consume instantly to allow/skip work based on availability.

View on GitHub

Deep Wiki

Context7

Provides a Token Bucket implementation to rate limit input and output in your application

Frequently asked questions about Rate Limiter

How do I integrate Symfony Rate Limiter with Laravel’s throttle middleware?: Replace Laravel’s built-in throttle middleware with a custom middleware using `RateLimiterFactory`. Inject the limiter into your middleware and call `$limiter->reserve()->wait()` before processing requests. This ensures consistent token bucket behavior across all endpoints, including those protected by `throttle`.
Can I use Redis for distributed rate limiting in a Laravel Kubernetes cluster?: Yes, configure `RateLimiterFactory` with a Redis-backed storage (e.g., `RedisStorage`) to share rate limits across all instances. This avoids contention and ensures consistent limits even with horizontal scaling. Redis adds ~5ms latency but is essential for distributed setups.
What’s the difference between `reserve()->wait()` and `consume()` in Symfony Rate Limiter?: `reserve()->wait()` blocks execution until tokens are available, ideal for critical operations like logins or payments. `consume()` checks immediately and returns a boolean, letting you skip work if limits are exceeded—useful for non-blocking scenarios like background jobs or optional features.
How do I set up compound rate limits (e.g., per-IP *and* per-user) in Laravel?: Use `CompoundRateLimiterFactory` to combine multiple limiters (e.g., one for IP, one for user ID). Configure each with its own policy (e.g., `token_bucket`) and storage. This is perfect for SaaS apps where you need multi-dimensional protection without overcomplicating logic.
Will Symfony Rate Limiter work with Laravel Queues (e.g., Job::handle())?: Absolutely. Inject the limiter into your job’s `handle()` method and call `$limiter->consume(1)->isAccepted()` before processing. This prevents queue workers from overwhelming resources during traffic spikes, similar to how you’d protect API endpoints.
What’s the best storage backend for production Laravel apps with high traffic?: For production, use Redis or Memcached for distributed storage to avoid single-instance bottlenecks. In-memory storage is fine for single-server setups but won’t scale. Always configure a fallback (e.g., database or deny-all) if Redis fails to prevent service degradation.
How do I dynamically adjust rate limits (e.g., via config or API) in Laravel?: Rebuild the `RateLimiterFactory` with new limits when config changes (e.g., via `config('rate_limits.login')`). Cache the factory as a singleton in Laravel’s service container to avoid recreating it on every request. For real-time adjustments, use a cache driver like Redis to store limits.
Does Symfony Rate Limiter support Retry-After headers for HTTP APIs?: Yes, the component automatically calculates `Retry-After` headers (RFC 6585) when using `reserve()->wait()`. This improves API client UX by telling them exactly when to retry, reducing support tickets and failed requests.
How can I test rate limiting in Laravel with load testing tools like k6?: Mock the storage layer in unit tests (e.g., `InMemoryStorage`) to simulate token acquisition. For load testing, use k6 to send rapid requests and verify `Retry-After` headers or HTTP 429 responses. Compare results against your expected token bucket behavior.
What are the alternatives to Symfony Rate Limiter for Laravel, and when should I choose them?: Laravel’s built-in `throttle` middleware is simpler but uses fixed windows, not token buckets. For advanced use cases (e.g., compound limits, serverless), Symfony’s component is superior. If you need Redis-based rate limiting with minimal setup, consider `spatie/laravel-rate-limiting`. Choose Symfony for flexibility and HTTP compliance.

Popularity trends

Recorded values over time (once-a-day snapshots). May 8, 2026 – Jun 6, 2026

GitHub · stars

GitHub · forks

GitHub · watchers

Packagist · monthly downloads

View on GitHub

Stars

271

Favorites

274

Forks

Score

34.9

Score breakdown

Sum of components, capped 0–100. Halved if archived.

Stars

input: 271

+1.4
Forks

input: 13

+0.4
Open issues + PRs

input: 0

+0.0
Releases

input: 44

+13.2
Recency

input: 10

+19.5
Issue opportunity

input: 0

+0.0
Laravel News mentions

input: 0

+0.0
Dependents

input: 0

+0.0

Total 34.4

Opportunity

63.4

Opportunity score breakdown

Hidden gem signal × 0.65 + contribution need × 0.35, scaled by health factor.

Hidden gem

log(monthly_downloads / (stars + 1)) × 25

97.7
Contribution need

open_issues + open_prs: 0

0.0
Health factor

archived + recency + open issues

×1.00

Total 63.3

License

MIT

Last release

May 27, 2026

Watchers

Downloads

2M/mo

Dependents

Open issues

Weaver

How can I help you explore Laravel packages today?

Conversation history is not saved when not logged in.

Add packages to context

No packages found.

hamzi/corewatch

minionfactory/raw-hydrator

hexters/coinpayment

rjcodes/rjcms

act-training/laravel-permissions-manager

alimarchal/laravel-chart-of-accounts

babenkoivan/elastic-scout-driver

mkwebdesign/filament-watchdog-v5

renatomarinho/laravel-page-speed

zedmagdy/filament-business-hours

renatovdemoura/blade-elements-ui

devgeek/beacon-admin

benjamin-rqt/data-watcher-bundle

atriumphp/atrium

sandermuller/package-boost-laravel

sandermuller/boost-skills

redaxo/core

yusufgenc/filament-api-forge

l3aro/rating-star-for-filament

leek/filament-subtenant-scope