Rate Limit doesn't work with Burp Suite (security testing tool) #329
Hello everybody, we are using express-rate-limit as a middleware to reduce the attempts for a specific route to 5 in 10 minutes. In the browser, everything works fine, but if we activate a security tool like Burp Suite and try to make 100 requests with different payloads, all requests pass the middleware. Security told us that Burp uses the same IP for all requests (no proxy). So we can't really figure out why it's working if we try it manually and not if it's tested with security test software. Is there any known reason why this behaviour shows up? Kind regards
Replies: 2 comments 7 replies
Sounds like you're using an overly-permissive value for trust proxy.
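To illustrate the diagnosis in the reply above, this added example (not code from the thread, Express or express-rate-limit) models how a hop-count style trust proxy setting chooses the address a limiter keys on. It assumes the test traffic carried a different X-Forwarded-For value on each request, which the thread does not state; all names and addresses are constructed.

```javascript
// Added example: a simplified model of proxy trust, not library source.
// trustedHops: 0 = trust nothing, Infinity = trust every hop (like `true`).
function resolveClientIp(socketAddr, xForwardedFor, trustedHops) {
  const forwarded = (xForwardedFor || '')
    .split(',').map((s) => s.trim()).filter(Boolean)
    .reverse(); // nearest hop first
  const chain = [socketAddr, ...forwarded];
  // The first address beyond the trusted hops is taken as the client.
  return chain[Math.min(trustedHops, chain.length - 1)];
}

// Minimal counter: at most `limit` requests per key (window expiry omitted).
function makeLimiter(limit) {
  const hits = new Map();
  return (key) => {
    const n = (hits.get(key) || 0) + 1;
    hits.set(key, n);
    return n <= limit;
  };
}

// Constructed traffic: 100 requests from one real client address, each
// carrying a different client-supplied X-Forwarded-For value (assumption).
function countAllowed(trustedHops, viaProxy) {
  const allow = makeLimiter(5);
  let allowed = 0;
  for (let i = 0; i < 100; i++) {
    const clientSent = `198.51.100.${i}`; // header value set by the client
    const socketAddr = viaProxy ? '10.0.0.1' : '203.0.113.7';
    // A reverse proxy appends the address it actually saw.
    const xff = viaProxy ? `${clientSent}, 203.0.113.7` : clientSent;
    if (allow(resolveClientIp(socketAddr, xff, trustedHops))) allowed++;
  }
  return allowed;
}

console.log('trust all, direct:   ', countAllowed(Infinity, false));
console.log('trust none, direct:  ', countAllowed(0, false));
console.log('trust 1 hop, proxied:', countAllowed(1, true));
console.log('trust all, proxied:  ', countAllowed(Infinity, true));
```

Logging the resolved address (`req.ip` in Express) for a few test requests shows which of these cases a deployment is in.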