rust 48 lines · 7 steps

Per-IP rate limiting in Axum with tower-governor

Build an Axum router that throttles requests per client IP and prunes stale limiter state on a background loop.

Explained by highlit
Axum Intermediate rate-limiting middleware tower background-task shared-state
1use std::net::SocketAddr;
2use std::time::Duration;
3 
4use axum::{routing::get, Json, Router};
5use serde_json::{json, Value};
6use tower_governor::governor::GovernorConfigBuilder;
7use tower_governor::key_extractor::SmartIpKeyExtractor;
8use tower_governor::GovernorLayer;
9 
10pub fn api_router() -> Router {
11 let governor_conf = GovernorConfigBuilder::default()
12 .per_second(2)
13 .burst_size(5)
14 .key_extractor(SmartIpKeyExtractor)
15 .finish()
16 .expect("valid governor configuration");
17 
18 let governor_conf = std::sync::Arc::new(governor_conf);
19 let limiter = governor_conf.limiter().clone();
20 
21 tokio::spawn(async move {
22 let interval = Duration::from_secs(60);
23 loop {
24 tokio::time::sleep(interval).await;
25 tracing::debug!("rate limit storage size: {}", limiter.len());
26 limiter.retain_recent();
27 }
28 });
29 
30 Router::new()
31 .route("/api/quotes", get(list_quotes))
32 .layer(GovernorLayer { config: governor_conf })
33}
34 
35async fn list_quotes() -> Json<Value> {
36 Json(json!({
37 "quotes": [
38 { "author": "Hopper", "text": "Mind your own business is a poor motto." },
39 { "author": "Knuth", "text": "Premature optimization is the root of all evil." }
40 ]
41 }))
42}
43 
44pub async fn serve(addr: SocketAddr) -> std::io::Result<()> {
45 let listener = tokio::net::TcpListener::bind(addr).await?;
46 let app = api_router().into_make_service_with_connect_info::<SocketAddr>();
47 axum::serve(listener, app).await
48}
01 / 01
STEP 01

Walkthrough

Space play step click any line
Three takeaways
  1. 1Rate limiting is added declaratively as a tower layer wrapping your routes, keeping handlers oblivious to it.
  2. 2Per-IP throttling needs the connection's address, which is why the service is built with connect-info.
  3. 3In-memory limiter state grows unbounded unless you periodically prune entries you no longer need.

Related explainers

rust 
use std::collections::HashMap;
use std::sync::{Arc, Mutex};
use std::thread;
 

Aggregating metrics across threads in Rust

concurrency shared-state mutex
Intermediate 7 steps
rust 
use std::sync::{mpsc, Arc, Mutex};
use std::thread;
use std::time::Duration;
 

Building a thread pool in Rust

concurrency channels thread-pool
Advanced 9 steps
python 
import time
from collections import defaultdict
from threading import Lock
 

Sliding-window login rate limiting in Flask

rate-limiting sliding-window thread-safety
Intermediate 7 steps
rust 
use std::time::Instant;
use tracing::info;
 
pub struct Timer {

A scope-guard timer with Drop in Rust

raii drop-guard timing
Intermediate 7 steps
javascript 
const RATE_LIMIT = 100;
const WINDOW_MS = 60 * 1000;
const BLOCK_MS = 5 * 60 * 1000;
 

Building a rate-limiting middleware in Express

rate-limiting middleware closures
Intermediate 9 steps
rust 
use std::collections::HashMap;
 
pub struct Memoizer<K, V, F> {
    cache: HashMap<K, V>,

A generic memoizer in Rust

memoization generics caching
Intermediate 6 steps

Share this explainer

Here's the card — post it anywhere.

Per-IP rate limiting in Axum with tower-governor — share card
Made with highlit — turn any snippet into a walkthrough like this in about a minute.
Explain your code