Rails 8 introduces a built-in rate limiting API
How Rails 8 introduces a native rate limiting API to manage request flow without external gems like rack-attack
This article was originally published on the BigBinary blog.
Before Rails 8, rate limiting meant pulling in a gem like rack-attack and wiring it up yourself. Rails 8 changes that by shipping a native rate limiting API directly in Action Controller. The article walks through how to use it — throttling requests per IP, per user, or on specific endpoints — without any third-party dependencies. If you've ever had to configure rack-attack just to add basic abuse protection, this one's worth a look.