Rate Limiter Middleware in echo go!

Play this article


In a world where online services are becoming more and more popular, it is important to have the ability to handle a large number of requests without being overwhelmed. One way to achieve this is through rate limiting, which allows you to limit the number of requests that can be made to your server within a certain time frame.

In this article, we'll show you how to implement rate limiting in the Go Echo framework using middleware. By the end of this article, you'll have the skills necessary to limit the rate of requests to your server and protect against denial-of-service attacks.

Setting Up Rate Limiter Middleware in Echo

To set up rate limiter middleware in Go Echo, you'll need to create a new middleware handler function and define the rate limits. Here's an example of what that might look like:

By default, an in-memory store is used for keeping track of requests. The default in-memory implementation is focused on correctness and may not be the best option for a high number of concurrent requests or a large number of different identifiers (>16k).

To add a rate limit to your application simply add the RateLimiter middleware. The example below will limit the application to 20 requests/sec using the default in-memory store:

func rateLimiter(next echo.HandlerFunc) echo.HandlerFunc {
    limiter := tollbooth.NewLimiter(1, time.Second)
    return func(c echo.Context) error {
        if err := limiter.Wait(c.Request().Context()); err != nil {
            return echo.NewHTTPError(http.StatusTooManyRequests, "Too many requests")
        return next(c)

In this example, we're defining a new middleware handler function called rateLimiter. This function takes a next handler function as an argument and returns a new handler function that implements the rate-limiting functionality.

The tollbooth.NewLimiter function is used to create a new rate limiter. This function takes two arguments: the maximum number of requests allowed within the time frame and the time frame itself. In this example, we're allowing only one request per second.

The limiter.Wait method is used to wait for the next available request slot within the rate limit. If the limit has been reached, the method will block until a slot becomes available. If the request limit has been exceeded, we're returning an HTTP error with a Too many requests messages.

Finally, we're returning the next handler function if the rate limit has not been exceeded.

To apply this middleware to your Echo Go application, you'll need to register it with the Use method:

e := echo.New()


Custom Configuration

You can provide some custom configuration to make it robust.

config := middleware.RateLimiterConfig{
    Skipper: middleware.DefaultSkipper,
    Store: middleware.NewRateLimiterMemoryStoreWithConfig(
        middleware.RateLimiterMemoryStoreConfig{Rate: 10, Burst: 30, ExpiresIn: 3 * time.Minute},
    IdentifierExtractor: func(ctx echo.Context) (string, error) {
        id := ctx.RealIP()
        return id, nil
    ErrorHandler: func(context echo.Context, err error) error {
        return context.JSON(http.StatusForbidden, nil)
    DenyHandler: func(context echo.Context, identifier string,err error) error {
        return context.JSON(http.StatusTooManyRequests, nil)


If you need to implement your own store, be sure to implement the RateLimiterStore interface and pass it to RateLimiterConfig.

Best Practices for Using Rate Limiter Middleware

While rate limiting can be a powerful tool for protecting against denial-of-service attacks and managing server load, it's important to use it correctly to get the maximum benefit. Here are a few best practices to keep in mind when defining your rate limits:

  • Start with a conservative rate limit and adjust it as needed. Setting the rate limit too high can result in performance issues or unintended consequences.

  • Be aware of the types of requests that are being rate limited. Some types of requests may be more resource-intensive than others, so it's important to consider the impact of the rate limit on your server performance.

  • Consider using different rate limits for different types of requests. For example, you may want to allow more requests for GET requests than for POST requests.

  • Monitor your server logs and adjust your rate limits as needed. Over time, you may discover that your rate limits are too strict or too permissive based on your actual traffic patterns.


Implementing rate-limiting middleware in the Go Echo framework is an effective way to protect against denial-of-service attacks and manage server load. By following best practices and monitoring your server logs, you can ensure that your rate limits are effective and appropriate for your specific use case.

I hope this helps, you!!

More such articles:





If this article adds any value to you then please clap and comment.

Let’s connect on Stackoverflow, LinkedIn, & Twitter.

Did you find this article valuable?

Support techwasti by becoming a sponsor. Any amount is appreciated!