diff --git a/back/loaders/express.ts b/back/loaders/express.ts
index 93ef7f10..0a5f217e 100644
--- a/back/loaders/express.ts
+++ b/back/loaders/express.ts
@@ -17,6 +17,12 @@ import { errors } from 'celebrate';
 import path from 'path';
 import { createProxyMiddleware } from 'http-proxy-middleware';
 import { serveEnv } from '../config/serverEnv';
+import rateLimit from 'express-rate-limit'
+
+const limiter = rateLimit({
+ windowMs: 15 * 60 * 1000,
+ max: 100,
+})
 export default ({ app }: { app: Application }) => {
 app.enable('trust proxy');
@@ -125,6 +131,7 @@ export default ({ app }: { app: Application }) => {
 });
 app.use(rewrite('/open/*', '/api/$1'));
+ app.use('/api', limiter)
 app.use(config.api.prefix, routes());
 app.use((req, res, next) => {
diff --git a/back/services/dependence.ts b/back/services/dependence.ts
index 54c178e5..bd242278 100644
--- a/back/services/dependence.ts
+++ b/back/services/dependence.ts
@@ -14,7 +14,7 @@ import SockService from './sock';
 import { FindOptions, Op } from 'sequelize';
 import { concurrentRun } from '../config/util';
 import dayjs from 'dayjs';
-import { runCronWithLimit } from 'back/shared/pLimit';
+import { runCronWithLimit } from '../shared/pLimit';
 @Service()
 export default class DependenceService {
diff --git a/package.json b/package.json
index c5e39239..d554aa81 100644
--- a/package.json
+++ b/package.json
@@ -68,6 +68,7 @@
 "dotenv": "^16.0.0",
 "express": "^4.17.3",
 "express-jwt": "^6.1.1",
+ "express-rate-limit": "^6.7.0",
 "express-urlrewrite": "^1.4.0",
 "form-data": "^4.0.0",
 "got": "^11.8.2",
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index f1ccf895..3af0418e 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -40,6 +40,9 @@ dependencies: express-jwt: specifier: ^6.1.1 version: 6.1.2 + express-rate-limit: + specifier: ^6.7.0 + version: 6.7.0(express@4.18.2) express-urlrewrite: specifier: ^1.4.0 version: 1.4.0 
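Review bot: The limiter is created without a `keyGenerator`, so it buckets clients by `req.ip`, and the `app.enable('trust proxy')` context line at the end of this hunk makes Express take that address from the left-most `X-Forwarded-For` entry. Wherever the service is reachable without a proxy that overwrites that header, the bucket key is client-supplied and the 100-request budget no longer binds to a real peer address. Pinning the trust setting to the actual deployment, for example `app.set('trust proxy', 1)` in place of the blanket enable, keeps the key tied to an address the proxy observed; the correct hop count is not visible from this hunk. A short comment above `limiter` stating the budget, such as `// 100 requests per client IP per 15 minutes`, would also help the next reader.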
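Review bot: The mount path on the added line is the literal `'/api'` while the very next line mounts the routes on `config.api.prefix`, so the limiter silently stops covering the API if that prefix is ever configured differently; `app.use(config.api.prefix, limiter);` keeps the two together. One shared budget of 100 requests per 15 minutes for every API route is also a coarse fit: it still allows 100 password attempts per window against the login endpoint, and it may be tight for an authenticated UI that polls the API (the routes are outside this hunk, so this is inferred). A second, stricter `rateLimit` instance mounted only on the authentication route would separate those two concerns. The enclosing function starts and ends outside the hunk.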
@@ -7995,6 +7998,15 @@ packages: lodash: 4.17.21 dev: false + /express-rate-limit@6.7.0(express@4.18.2): + resolution: {integrity: sha512-vhwIdRoqcYB/72TK3tRZI+0ttS8Ytrk24GfmsxDXK9o9IhHNO5bXRiXQSExPQ4GbaE5tvIS7j1SGrxsuWs+sGA==} + engines: {node: '>= 12.9.0'} + peerDependencies: + express: ^4 || ^5 + dependencies: + express: 4.18.2 + dev: false + /express-unless@1.0.0: resolution: {integrity: sha512-zXSSClWBPfcSYjg0hcQNompkFN/MxQQ53eyrzm9BYgik2ut2I7PxAf2foVqBRMYCwWaZx/aWodi+uk76npdSAw==} dev: false