diff --git a/package-lock.json b/package-lock.json
index 3ffd81e..7c3488a 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -15,6 +15,7 @@
 "cors": "^2.8.5",
 "dotenv": "^16.3.1",
 "express": "^4.18.2",
+ "express-rate-limit": "^7.1.5",
 "ldapts": "^7.0.7",
 "roboto-fontface": "*",
 "vue": "^3.2.0",
@@ -1988,6 +1989,20 @@
 "node": ">= 0.10.0"
 }
 },
+ "node_modules/express-rate-limit": {
+ "version": "7.1.5",
+ "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-7.1.5.tgz",
+ "integrity": "sha512-/iVogxu7ueadrepw1bS0X0kaRC/U0afwiYRSLg68Ts+p4Dc85Q5QKsOnPS/QUjPMHvOJQtBDrZgvkOzf8ejUYw==",
+ "engines": {
+ "node": ">= 16"
+ },
+ "funding": {
+ "url": "https://github.com/sponsors/express-rate-limit"
+ },
+ "peerDependencies": {
+ "express": "4 || 5 || ^5.0.0-beta.1"
+ }
+ },
 "node_modules/express/node_modules/body-parser": {
 "version": "1.20.1",
 "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.1.tgz",
diff --git a/package.json b/package.json
index 6487ac7..775330d 100644
--- a/package.json
+++ b/package.json
@@ -21,6 +21,7 @@
 "cors": "^2.8.5",
 "dotenv": "^16.3.1",
 "express": "^4.18.2",
+ "express-rate-limit": "^7.1.5",
 "ldapts": "^7.0.7",
 "roboto-fontface": "*",
 "vue": "^3.2.0",
diff --git a/src/server/server.ts b/src/server/server.ts
index 14d9aac..214d858 100644
--- a/src/server/server.ts
+++ b/src/server/server.ts
@@ -1,18 +1,25 @@
-import express from "express";
-import { trpcMiddleware } from "./trpc";
-import cors from "cors";
+import express from 'express'
+import { trpcMiddleware } from './trpc'
+import cors from 'cors'
+import { rateLimit } from 'express-rate-limit'
 
-const server = express();
+const limiter = rateLimit({
+ windowMs: 60 * 1000, // 1 minute
+ max: 100 // limit each IP to 100 requests per windowMs
+})
 
-server.use(cors());
-server.use("/trpc", trpcMiddleware);
+const server = express()
 
-if (process.env.NODE_ENV == "production") {
- server.use("/", express.static("dist/web"));
+server.use(cors())
+server.use(limiter)
+server.use('/trpc', trpcMiddleware)
 
- server.get("*", (req, res) => {
- res.sendFile("index.html", { root: "dist/web" });
- });
+if (process.env.NODE_ENV == 'production') {
+ server.use('/', express.static('dist/web'))
+
+ server.get('*', (req, res) => {
+ res.sendFile('index.html', { root: 'dist/web' })
+ })
 }
 
-export { server };
+export { server }
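Review bot: The limiter mounted at `server.use(limiter)` keys each bucket on `req.ip` by default, and nothing in this hunk configures Express's `trust proxy` setting, so if the production server runs behind a reverse proxy or load balancer (not visible here) every client would be counted under the proxy's address and share a single 100-request bucket. In that case set the exact hop count before the limiter, e.g. `server.set('trust proxy', 1)`, rather than `true`, because trusting the whole `X-Forwarded-For` chain makes the rate-limit key client-controlled. The limiter is also global, so the `express.static` assets and the `index.html` fallback draw from the same budget as the API; `server.use('/trpc', limiter, trpcMiddleware)` would scope it to the API, and if the ldapts-backed login goes through `/trpc` a separate, much tighter limiter on that procedure would be the more useful control. Minor: express-rate-limit 7 names this option `limit` and keeps `max` only as an alias.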