Implementing Rate Limiting in Mendix for VAPT Compliance

Hi all,

During a recent VAPT assessment, we found that our Mendix application does not have rate limiting in place.

What is the recommended approach to implement rate limiting in Mendix? Should this be handled within Mendix (using microflows or custom logic), or is it better to configure it at the infrastructure level (e.g., API Gateway, reverse proxy)?

Appreciate any best practices or real-world suggestions.
asked
1 answer

Hi Praveen G

This is a common VAPT requirement where you need to add rate limiting so that a hacker can't abuse your calls. There are two methods, as you already asked.


Logic inside Mendix:

You can use either the Emixa Commons module [link] or my own Session Security module [Session Security] to implement rate limiting; this lives inside Mendix Studio Pro.


At infra level:

Again, you need to configure this in nginx as a reverse proxy, which will be IP-based or host-based. This is also possible.


But I suggest you go with implementing this logic via Mendix.

I hope this helps.

answered
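For the Mendix-side option the answer recommends, the following is an added example of the kind of logic a Mendix Java action could call before running a protected microflow or REST operation. It is not code from the Emixa Commons or Session Security modules, nor from this thread; the class name, the `tryAcquire` / `clientKey` methods and the sample addresses are all hypothetical. It keeps a fixed-window counter per client key and shows the one check an IP-based limiter behind a proxy must make: only trust `X-Forwarded-For` when the immediate peer is a proxy you operate, otherwise a client can spoof the header and get a fresh quota per request.

```java
import java.time.Clock;
import java.time.Duration;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;

/**
 * Hypothetical in-app rate limiter (added example, not from any Mendix
 * Marketplace module). A Mendix Java action would build the key from the
 * request and call tryAcquire(key) before executing the protected logic,
 * returning HTTP 429 when it yields false.
 *
 * Fixed-window counter per key; counters live in this JVM only, so with
 * several runtime instances each node enforces its own quota.
 */
public final class RateLimiter {

    /** One counting window for a key: when it started and how many hits it has. */
    private static final class Window {
        final long windowStart; // epoch millis, aligned to windowMillis
        final int count;

        Window(long windowStart, int count) {
            this.windowStart = windowStart;
            this.count = count;
        }
    }

    private final int maxRequests;
    private final long windowMillis;
    private final Clock clock;
    private final Map<String, Window> windows = new ConcurrentHashMap<>();

    /** Allow at most maxRequests per key per window; clock is injectable for tests. */
    public RateLimiter(int maxRequests, Duration window, Clock clock) {
        this.maxRequests = maxRequests;
        this.windowMillis = window.toMillis();
        this.clock = clock;
    }

    /** Returns true if this request is within quota for the key, false if over. */
    public boolean tryAcquire(String key) {
        long now = clock.millis();
        long start = now - (now % windowMillis); // boundary of the current window
        // compute() runs atomically per key, so concurrent requests cannot
        // both observe the same count and both slip under the limit.
        Window w = windows.compute(key, (k, old) -> {
            if (old == null || old.windowStart != start) {
                return new Window(start, 1); // new window: reset the counter
            }
            return new Window(start, old.count + 1);
        });
        return w.count <= maxRequests;
    }

    /**
     * Derive the client key for IP-based limiting. X-Forwarded-For is only
     * honoured when the TCP peer (remoteAddr) is one of our own proxies;
     * otherwise a client could send an arbitrary header value and escape the limit.
     */
    public static String clientKey(String remoteAddr, String xForwardedFor, Set<String> trustedProxies) {
        if (xForwardedFor != null && !xForwardedFor.isBlank() && trustedProxies.contains(remoteAddr)) {
            // Proxies append addresses in order, so the leftmost entry is the original client.
            return xForwardedFor.split(",")[0].trim();
        }
        return remoteAddr;
    }

    public static void main(String[] args) {
        // Constructed sample: 5 requests per minute, traffic arriving via a trusted proxy.
        RateLimiter limiter = new RateLimiter(5, Duration.ofMinutes(1), Clock.systemUTC());
        Set<String> proxies = Set.of("10.0.0.5");

        String trusted = clientKey("10.0.0.5", "203.0.113.7, 10.0.0.5", proxies);
        String spoofed = clientKey("198.51.100.9", "203.0.113.7", proxies); // header ignored
        System.out.println("key via trusted proxy: " + trusted);  // 203.0.113.7
        System.out.println("key from direct peer:  " + spoofed);  // 198.51.100.9

        for (int i = 1; i <= 7; i++) {
            boolean ok = limiter.tryAcquire(trusted);
            System.out.println("request " + i + ": " + (ok ? "allowed" : "429 Too Many Requests"));
        }
    }
}
```

Two caveats before using this pattern in production: a fixed window lets a client send 2x the quota across a window boundary, so a sliding window or token bucket is tighter; and the map never evicts keys, so idle entries need a periodic sweep or a bounded cache. The infrastructure alternative the answer mentions is nginx's `limit_req_zone` / `limit_req` directives, which apply the same per-address logic in front of the Mendix runtime; when nginx itself sits behind a load balancer, the same trusted-proxy rule applies through its `set_real_ip_from` and `real_ip_header` settings, or every client will appear to share the load balancer's address.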