

Pure Node.js simple rate limiting server to prevent bruteforce attacks

This project is maintained by yonjah


hapi plugin for ralphi pure Node.js rate limiting server


Ralphi is a simple rate limiting server intended to prevent bruteforce attacks on logins and other sensitive assets.

For more information about Ralphi's other components, see ralphi.

Plugin Installation

$ npm install -s ralphi-client
$ npm install -s hapi-ralphi


Integrate rate limiting in hapi.js

const plugin = require('hapi-ralphi');
const client = new require('ralphi-client')();
const server = new require('hapi').Server();

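async function init () {
    // Register the plugin and hand it the ralphi client
    await server.register({plugin, options: {client}});
    server.route({
        method: 'POST',
        path: '/login',
        config: {
            plugins: {
                // Rate limit this route using the 'login' bucket
                ralphi: {
                    bucket: 'login'
                }
            }
        },
        handler () {
            return 'Success';
        }
    });
}

init();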

The login route will be rate limited according to the bucket settings, and rate limiting headers will be sent with the response.

Configuration Options

All configuration options other than client, ext and allRoutes can be overridden in the route settings. When allRoutes is false (the default), you’ll need to set a config object in config.plugins.ralphi to enable rate limiting on the route. If allRoutes is true, you can disable rate limiting on a specific route by setting config.plugins.ralphi to false.
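
The helper below is an added example, not code from hapi-ralphi: it models the opt-in/opt-out and override rules described above so a route table can be reviewed for routes that end up without rate limiting. The function names, the sample routes and the plugin-level `bucket` value are assumptions, and a non-object, non-false route value is treated as "not enabled" when allRoutes is false.

```javascript
'use strict';

// Plugin-level keys the text says cannot be overridden per route.
const PLUGIN_ONLY = ['client', 'ext', 'allRoutes'];

// Returns the effective ralphi settings for a route, or null when the
// route is not rate limited. Models the documented rule only.
function effectiveSettings(pluginOptions, route) {
    const routeCfg = route.config && route.config.plugins
        ? route.config.plugins.ralphi
        : undefined;
    const isObject = routeCfg !== null && typeof routeCfg === 'object';

    if (pluginOptions.allRoutes) {
        if (routeCfg === false) return null;   // explicit opt-out
    } else if (!isObject) {
        return null;                           // opt-in needs a config object
    }
    const merged = Object.assign({}, pluginOptions);
    if (isObject) {
        for (const [key, value] of Object.entries(routeCfg)) {
            // Route settings win, except for the plugin-only keys.
            if (!PLUGIN_ONLY.includes(key)) merged[key] = value;
        }
    }
    return merged;
}

// Lists routes that end up without rate limiting, for review.
function unprotectedRoutes(pluginOptions, routes) {
    return routes
        .filter((r) => effectiveSettings(pluginOptions, r) === null)
        .map((r) => `${r.method} ${r.path}`);
}

// Constructed route table (sample data, not from the project).
const sampleRoutes = [
    { method: 'POST', path: '/login', config: { plugins: { ralphi: { bucket: 'login' } } } },
    { method: 'POST', path: '/reset-password', config: {} },
    { method: 'GET', path: '/health', config: { plugins: { ralphi: false } } }
];

console.log(unprotectedRoutes({ allRoutes: false }, sampleRoutes));
console.log(unprotectedRoutes({ allRoutes: true, bucket: 'default' }, sampleRoutes));
```

With the default allRoutes setting, any sensitive route without a config.plugins.ralphi object (the constructed /reset-password route here) shows up in the unprotected list.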