{"id":19408449,"url":"https://github.com/4lessandrodev/block-ddos","last_synced_at":"2025-08-22T14:04:29.474Z","repository":{"id":65915968,"uuid":"602319672","full_name":"4lessandrodev/block-ddos","owner":"4lessandrodev","description":"Lib to block multiple request for a route in a short interval from same ip addr.","archived":false,"fork":false,"pushed_at":"2025-04-01T21:15:36.000Z","size":908,"stargazers_count":4,"open_issues_count":5,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-03T03:11:10.782Z","etag":null,"topics":["block-requests","ddos-attacks","express-middleware","security-tools"],"latest_commit_sha":null,"homepage":"https://www.npmjs.com/package/block-ddos","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/4lessandrodev.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-02-16T00:34:22.000Z","updated_at":"2025-03-03T22:48:20.000Z","dependencies_parsed_at":"2024-12-02T17:35:07.432Z","dependency_job_id":null,"html_url":"https://github.com/4lessandrodev/block-ddos","commit_stats":{"total_commits":24,"total_committers":3,"mean_commits":8.0,"dds":"0.29166666666666663","last_synced_commit":"92bbaf8ff8eb5f53643a630d6651a3764a3af174"},"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/4lessandrodev%2Fblock-ddos","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/4lessandrodev%2Fblock-ddos/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/4lessandrodev%2Fblock-ddos/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/4lessandrodev%2Fblock-ddos/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/4lessandrodev","download_url":"https://codeload.github.com/4lessandrodev/block-ddos/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250600716,"owners_count":21457017,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["block-requests","ddos-attacks","express-middleware","security-tools"],"created_at":"2024-11-10T12:06:15.540Z","updated_at":"2025-04-24T09:31:53.320Z","avatar_url":"https://github.com/4lessandrodev.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# block-ddos\n\nA middleware function for a Node.js web application that helps prevent **distributed denial-of-service (DDoS) attacks**. When a client makes a request to the application, the middleware function is called to check if the request is legitimate or not based on the number of requests made within a certain time period.\n\nThe function first checks if the request is an `HTTP` request and not for the `/favicon.ico file`. If it is not an **HTTP request** or for the /favicon.ico file, the function passes control to the next middleware function in the chain.\n\nIf the request is an HTTP request and not for the /favicon.ico file, the function checks if the client has made too many requests by checking if the client's browser has stored a cookie named `\"ddos-blocked-times\"` with a value of 20 or more. If the client has made too many requests, the function returns an HTTP 429 error with a JSON object containing an error message.\n\nIf the client has not made too many requests, the function creates an instance of a memory store, which stores information about requests made by clients. The function then creates an instance of an Info object, which contains information about the client's request, such as the client's IP address, user agent, and timestamp.\n\nThe function generates a hash code for the Info object and checks if the client has made too many requests by calling the CanAccess method of the MemoryStore object. **If the client has made too many requests, the function returns an HTTP 403 error with a JSON object containing an error message**.\n\nIf the client has not made too many requests, the function saves the Info object to the MemoryStore object and passes control to the next middleware function in the chain.\n\n---\n\n## Install\n\ninstall using yarn\n\n```sh\n\n$ yarn add block-ddos\n\n```\n\ninstall using npm\n\n```sh\n\n$ npm install block-ddos\n\n```\n\n## How to use it\n\nApply to all routes\n\n```ts\n\nimport express from 'express';\nimport { blockDDoS } from 'block-ddos';\n\nconst app = express();\napp.use(express.json());\n\n// middleware for all routes\napp.use(blockDDoS());\n\napp.use(myRoutes);\n\napp.listen(3000);\n\n```\n\n## Single route\n\nApplying for a single route.\n\n```ts\n\nimport express from 'express';\nimport { blockDDoS } from 'block-ddos';\n\nconst app = express();\napp.use(express.json());\n\n// middleware apply to single route\napp.post('/some-route', blockDDoS(), route);\n\napp.use(otherRoutes);\n\napp.listen(3000);\n\n```\n\n## Interval\n\nDetermine the interval (ttl) to apply between multiple requests.\nThe middleware is a singleton instance so different time interval for different routes will not works. the instance keep the same config for all routes.\n\n```ts\n\nimport { blockDDoS } from 'block-ddos';\n\n// 30 sec in milliseconds\n// default is 10 sec (10000ms), and minimum is 10 sec (10000ms)\nconst interval = 30000;\n\napp.use(blockDDoS({ interval }));\n\n```\n\n## Customize message\n\nChange the message sent to user\n\n```ts\n\nimport { blockDDoS } from 'block-ddos';\n\nconst interval = 15000;\nconst error = \"Blocked by block-ddos middleware\";\n\napp.use(blockDDoS({ interval, error }));\n\n```\n\n\n## Allow retry\n\nYou can allow user retry some request before block it. In this example the 3th request for same endpoint from the same ip will be blocked on default interval: `10sec`\n\n```ts\n\nimport { blockDDoS } from 'block-ddos';\n\n// attempts must be: 1 - 7. default is 2.\nconst attempts = 3;\n\napp.use(blockDDoS({ attempts }));\n\n```\n\n---\n\n## Ban IP\n\nIf the ip is blocked **twenty (20) times** for the same route in a 10 minutes interval, it will be banned for 10 minutes\n\n---\n## Error Payload\n\nThe content below is sent to user.\n\n**Status Code 429**\n\n```json\n\n{\n  \"error\": {\n    \"message\": \"Blocked by proxy. Try again in a moment!\"\n  }\n}\n\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F4lessandrodev%2Fblock-ddos","html_url":"https://awesome.ecosyste.ms/projects/github.com%2F4lessandrodev%2Fblock-ddos","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2F4lessandrodev%2Fblock-ddos/lists"}