Joomla Rate Limiter Plugin Technical Overview
Purpose
The Joomla Rate Limiter plugin provides a lightweight, session-based protection mechanism against form abuse or accidental rapid submissions. It ensures that users can only submit forms a limited number of times within a defined time window.
Key Features
- ✅ Session-based Tracking: Keeps submission logs in the user session, no database storage needed.
- ✅ Customizable Limits: Easily configure the allowed number of submissions and time window through the plugin settings.
- ✅ Frontend-only Protection: Only applies on the site’s frontend, leaving backend functionality unaffected.
- ✅ Form-specific Rate Limits: Supports multiple forms by optionally passing a form_id to track submissions independently.
How it works
- When a form is submitted (POST request), the Joomla Rate Limiter plugin checks how many times that form has been submitted by this user within the configured time window.
- If the submission count exceeds the limit, the plugin:
  - Displays a warning message ("You are submitting too frequently...").
  - Redirects the user back to the homepage or another defined page.
- If under the limit, it logs the current submission timestamp and allows the request to proceed.
Technical Workflow
1️⃣ Initialization:
- The plugin loads when Joomla fires onAfterInitialise().
2️⃣ Frontend-only Execution:
- The plugin skips execution when the request is for the Joomla administrator (backend).
3️⃣ Configuration Parameters:
- timeWindow (seconds): e.g. 600 (10 minutes).
- submissionLimit: e.g. 5 submissions allowed.
4️⃣ Submission Tracking:
- Submission timestamps are stored in the PHP session (per user).
- Older submissions outside the time window are automatically discarded.
5️⃣ Rate Limiting:
- If the submission count exceeds the allowed limit, the user is blocked and redirected.
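The tracking and limiting steps above, sketched as plain PHP over a session-like array. This is an added example, not the plugin's own code: the function name, the `ratelimit.<form_id>` key layout and the timestamps are assumptions, and a real plugin would run this logic from onAfterInitialise() against the Joomla session.

```php
<?php
declare(strict_types=1);

/**
 * Sliding-window check over a session-like array (hypothetical helper).
 * Returns true if the submission may proceed, false if it should be blocked.
 */
function rateLimitAllow(array &$session, string $formId, int $now,
                        int $timeWindow = 600, int $submissionLimit = 5): bool
{
    $key = 'ratelimit.' . $formId;   // assumed key layout: one log per form_id
    $log = $session[$key] ?? [];

    // Discard timestamps that have fallen outside the time window.
    $log = array_values(array_filter(
        $log,
        static fn (int $ts): bool => ($now - $ts) < $timeWindow
    ));

    if (count($log) >= $submissionLimit) {
        $session[$key] = $log;       // keep the pruned log; the blocked attempt is not recorded
        return false;                // caller shows the warning and redirects
    }

    $log[] = $now;                   // under the limit: record this submission
    $session[$key] = $log;
    return true;
}

// Constructed sample run; $session stands in for the user's PHP session.
$session = [];
$t0 = 1700000000;                    // constructed timestamp

// Five submissions fill the window; the sixth and seventh arrive
// while all five are still inside it.
foreach ([0, 10, 20, 30, 40, 50, 599] as $offset) {
    var_dump(rateLimitAllow($session, 'contact', $t0 + $offset));
}

// At t0 + 600 the oldest timestamp has aged out of the 600 s window.
var_dump(rateLimitAllow($session, 'contact', $t0 + 600));

// A different form_id is tracked in its own log.
var_dump(rateLimitAllow($session, 'newsletter', $t0 + 600));
```

The limit is scoped to one session, not to an IP address or account, which fits the accidental-resubmission case described above. Volumetric abuse needs a control keyed on something the client does not hold.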