How to do rate limiting in Next.js Middleware with more specificity than IP (no auth / no cookies)?
Unanswered
Snowshoe posted this in #help-forum
SnowshoeOP
Hey all! I’m working on a Next.js 15 app deployed on Vercel. I want to implement rate limiting in middleware.ts specifically for dynamic page loads.
I'm aiming for more specific user identification than just IP, but:
I don’t have any auth or session/cookies set up
I was hoping to use x-vercel-ja4-hash, but it seems to be missing in production Middleware
The only info I reliably have is the IP address and headers like user-agent
❓What would be a good way to build a more precise user ID for rate limiting? Maybe a hash of ip + user-agent? Or are there any hidden headers or tricks on Vercel I might be missing?
Appreciate any ideas or patterns you’ve seen that work well
I'm aiming for more specific user identification than just IP, but:
I don’t have any auth or session/cookies set up
I was hoping to use x-vercel-ja4-hash, but it seems to be missing in production Middleware
The only info I reliably have is the IP address and headers like user-agent
❓What would be a good way to build a more precise user ID for rate limiting? Maybe a hash of ip + user-agent? Or are there any hidden headers or tricks on Vercel I might be missing?
Appreciate any ideas or patterns you’ve seen that work well