BestHub
Sign in
Backend Development 4 min read

Implementing IP Rate Limiting with Redis List in PHP

This article explains how to limit the number of requests an IP can make to a specific API endpoint within a sliding time window using Redis list structures in PHP, including example scenario, implementation logic, and complete code snippets.

php Courses
php Courses
php Courses
Implementing IP Rate Limiting with Redis List in PHP

In everyday business development, you may need to restrict any IP address from accessing a particular interface more than a certain number of times within a continuous time period to prevent malicious script attacks.

This requirement is commonly addressed with rate‑limiting solutions, and a simple approach for typical sites is to use Redis list data structures.

Example: For interface A, limit each IP to at most three requests in any consecutive 5‑second window; a fourth request within that window should return an error.

The following PHP code implements this logic using Redis list operations:

/**
 * Check if the queue length has reached the threshold; if so, return false, otherwise push the current timestamp to the tail and refresh the queue's TTL.
 * @param $key   Queue cache key
 * @param $expire Queue expiration time (e.g., 5 seconds)
 * @param $limit  Queue length threshold (e.g., 3 requests)
 * @return bool
 */
public function checkLimit($key, $expire, $limit) {
    $length = $this->refreshList($key, $expire);
    if ($length < $limit) {
        // Not reached limit: push current timestamp and reset TTL
        $this->rPush($key, time());
        $this->expire($key, intval($limit));
        return true;
    }
    return false;
}
/**
 * Refresh the queue by removing expired entries and return the new length.
 * @param $key    Custom cache key
 * @param $expire Queue expiration time (e.g., 5 seconds)
 * @return bool|int
 */
public function refreshList($key, $expire) {
    if ($this->has($key)) {
        do {
            // Pop expired items from the front of the list
            $oldest_value = $this->lPop($key);
        } while ($oldest_value && time() - $oldest_value > $expire);
        // Push the last popped value back to the front if it exists
        $oldest_value && $this->lPush($key, $oldest_value);
        return $this->lLen($key);
    }
    return 0;
}

The methods lPop , lPush , lLen , and rPush are wrappers around Redis list commands, preserving the original parameter and return semantics.

Later research shows that using Redis sorted sets (zset) with a sliding‑window algorithm is a more common and efficient solution for this scenario, but the list‑based approach demonstrates the core idea clearly.

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

algorithmip limit
php Courses
Written by

php Courses

php中文网's platform for the latest courses and technical articles, helping PHP learners advance quickly.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment