Implement Rate Limiting with Redis

Intermediate12 minTrending

Build an API rate limiter using Redis counters and sliding windows to protect services from abuse and traffic spikes.

Prerequisites

-Redis installed and running
-redis-cli available

Steps

Implement fixed-window rate limiting

Use INCR with EXPIRE to count requests per time window.

$ redis-cli MULTI redis-cli INCR ratelimit:user:1001:$(date +%s -d '1 minute ago' | cut -c1-9)0 redis-cli EXPIRE ratelimit:user:1001:$(date +%s | cut -c1-9)0 120 redis-cli EXEC

The key includes a truncated timestamp so it auto-rotates each window.

Simple counter increment and check

Increment a counter for the current minute and check against a limit.

$ redis-cli SET ratelimit:api:user1001 0 EX 60 NX && redis-cli INCR ratelimit:api:user1001

NX ensures the key is only set if it does not exist, preserving the counter within the window.

Check current request count

Read the current counter value to decide if the request should be allowed.

$ redis-cli GET ratelimit:api:user1001

Implement sliding window with sorted sets

Use a sorted set to track individual request timestamps for a precise sliding window.

$ redis-cli ZADD ratelimit:sliding:user1001 $(date +%s) $(uuidgen) && redis-cli ZREMRANGEBYSCORE ratelimit:sliding:user1001 0 $(($(date +%s)-60)) && redis-cli ZCARD ratelimit:sliding:user1001

Sorted set rate limiting uses more memory than counters. Use it only when precision matters.

Set expiration on sliding window key

Ensure the sorted set key expires to prevent memory leaks for inactive users.

$ redis-cli EXPIRE ratelimit:sliding:user1001 120

Full Script

full-script.sh

#!/bin/bash
# Redis Rate Limiting Demo
set -euo pipefail

USER_ID="user1001"
LIMIT=10
WINDOW=60

echo "=== Fixed Window Rate Limiter ==="
KEY="ratelimit:api:$USER_ID"
redis-cli SET "$KEY" 0 EX $WINDOW NX > /dev/null 2>&1
COUNT=$(redis-cli INCR "$KEY")
echo "Request count: $COUNT / $LIMIT"

if [ "$COUNT" -gt "$LIMIT" ]; then
  echo "RATE LIMITED - request denied"
  TTL=$(redis-cli TTL "$KEY")
  echo "Retry after: $TTL seconds"
else
  echo "ALLOWED - request processed"
fi

echo ""
echo "=== Sliding Window Rate Limiter ==="
SKEY="ratelimit:sliding:$USER_ID"
NOW=$(date +%s)
WINDOW_START=$((NOW - WINDOW))

# Remove old entries
redis-cli ZREMRANGEBYSCORE "$SKEY" 0 "$WINDOW_START" > /dev/null
# Add current request
redis-cli ZADD "$SKEY" "$NOW" "$NOW:$$" > /dev/null
redis-cli EXPIRE "$SKEY" $((WINDOW * 2)) > /dev/null
# Check count
SCOUNT=$(redis-cli ZCARD "$SKEY")
echo "Sliding window count: $SCOUNT / $LIMIT"

if [ "$SCOUNT" -gt "$LIMIT" ]; then
  echo "RATE LIMITED - request denied"
else
  echo "ALLOWED - request processed"
fi

FAQ

Discussion

Loading comments...

#!/bin/bash # Redis Rate Limiting Demo set -euo pipefail USER_ID="user1001" LIMIT=10 WINDOW=60 echo "=== Fixed Window Rate Limiter ===" KEY="ratelimit:api:$USER_ID" redis-cli SET "$KEY" 0 EX $WINDOW NX > /dev/null 2>&1 COUNT=$(redis-cli INCR "$KEY") echo "Request count: $COUNT / $LIMIT" if [ "$COUNT" -gt "$LIMIT" ]; then echo "RATE LIMITED - request denied" TTL=$(redis-cli TTL "$KEY") echo "Retry after: $TTL seconds" else echo "ALLOWED - request processed" fi echo "" echo "=== Sliding Window Rate Limiter ===" SKEY="ratelimit:sliding:$USER_ID" NOW=$(date +%s) WINDOW_START=$((NOW - WINDOW)) # Remove old entries redis-cli ZREMRANGEBYSCORE "$SKEY" 0 "$WINDOW_START" > /dev/null # Add current request redis-cli ZADD "$SKEY" "$NOW" "$NOW:$$" > /dev/null redis-cli EXPIRE "$SKEY" $((WINDOW * 2)) > /dev/null # Check count SCOUNT=$(redis-cli ZCARD "$SKEY") echo "Sliding window count: $SCOUNT / $LIMIT" if [ "$SCOUNT" -gt "$LIMIT" ]; then echo "RATE LIMITED - request denied" else echo "ALLOWED - request processed" fi