diff --git a/express_webpack/package.json b/express_webpack/package.json
index f2fda7f0d..c0c045b64 100644
--- a/express_webpack/package.json
+++ b/express_webpack/package.json
@@ -13,6 +13,7 @@
 "license": "ISC",
 "dependencies": {
 "express": "^4.17.3",
+ "express-rate-limit": "^7.1.2",
 "fs": "0.0.1-security",
 "https": "^1.0.0",
 "nodemon": "^1.19.3",
diff --git a/express_webpack/server.js b/express_webpack/server.js
index 8ce1058f6..030e850c3 100644
--- a/express_webpack/server.js
+++ b/express_webpack/server.js
@@ -3,10 +3,20 @@ const express = require('express');
 const https = require('https');
 const fs = require('fs');
 var sanitize = require("sanitize-filename");
+
 const app = express(),
 DIST_DIR = __dirname,
 HTML_FILE = path.join(DIST_DIR, 'index.html'),
 SDK_FILES = path.join(DIST_DIR, '../build/releases/');
+
+var RateLimit = require('express-rate-limit');
+var limiter = RateLimit({
+ windowMs: 15 * 60 * 1000, // 15 minutes
+ max: 100, // max 100 requests per windowMs
+});
+// apply rate limiter to all requests
+app.use(limiter);
+
 const options = {
 key: fs.readFileSync('certs/dev-ssl.key'),
 cert: fs.readFileSync('certs/dev-ssl.crt')
diff --git a/express_webpack/yarn.lock b/express_webpack/yarn.lock
index 7b37e3784..000152252 100644
--- a/express_webpack/yarn.lock
+++ b/express_webpack/yarn.lock
@@ -2148,6 +2148,11 @@ expand-tilde@^2.0.0, expand-tilde@^2.0.2: dependencies: homedir-polyfill "^1.0.1" +express-rate-limit@^7.1.2: + version "7.1.2" + resolved "https://registry.yarnpkg.com/express-rate-limit/-/express-rate-limit-7.1.2.tgz#42156c9135ca7b77d4e0d74b06162bfe02cd45f7" + integrity sha512-uvkFt5JooXDhUhrfgqXLyIsAMRCtU1o8W/p0Q2p5U2ude7fEOfFaP0kSYbHOHmPbA9ZEm1JqrRne3vL9pVCBXA== + express@^4.17.3: version "4.17.3" resolved "https://registry.yarnpkg.com/express/-/express-4.17.3.tgz#f6c7302194a4fb54271b73a1fe7a06478c8f85a1"
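Review bot: The limiter registered by `app.use(limiter)` in the server.js hunk counts requests per `req.ip`, and nothing visible here configures Express's `trust proxy`, so behind a reverse proxy or load balancer every client would share one 100-request bucket. Setting `trust proxy` too broadly has the opposite problem, because the key is then taken from a client-supplied `X-Forwarded-For` header. Whether a proxy is in front of this server cannot be told from the hunk, so I would record the assumption above the limiter, e.g. `// keyed on req.ip; call app.set('trust proxy', <hop count>) if deployed behind a proxy`. Separately, express-rate-limit v7 names this option `limit` and keeps `max` only as a legacy alias, so `limit: 100,` is the current spelling. The route and static-file handlers that this one global budget covers are registered outside the hunk.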