diff --git a/README.md b/README.md
index 74d8a24..f24e25b 100644
--- a/README.md
+++ b/README.md
@@ -262,6 +262,8 @@ Any URL like `/year/month/day/anything/` will redirect to this article (and link
 the directory where will be located the git repo with templates and articles
 * `view_engine` (default: ejs)
 the Express view engine used to render pages from templates
+* `rate_limit` (default: 100)
+ number of requests allowed in a time-frame of 15 minutes
 * `access_log` (default: access.log)
 log file where to save access requests (empty to disable)
 * `error_log` (default: error.log)
diff --git a/lgtm.yml b/lgtm.yml
new file mode 100644
index 0000000..7643c5b
--- /dev/null
+++ b/lgtm.yml
@@ -0,0 +1,7 @@
+path_classifiers:
+ test:
+ - test
+ docs:
+ - uml
+ library:
+ - src/lib
\ No newline at end of file
diff --git a/package-lock.json b/package-lock.json
index 893237a..49b9f40 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
 "name": "gitblog.md",
- "version": "1.2.6",
+ "version": "1.2.7",
 "lockfileVersion": 1,
 "requires": true,
 "dependencies": {
@@ -3130,6 +3130,11 @@
 "vary": "~1.1.2"
 }
 },
+ "express-rate-limit": {
+ "version": "5.0.0",
+ "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-5.0.0.tgz",
+ "integrity": "sha512-dhT57wqxfqmkOi4HM7NuT4Gd7gbUgSK2ocG27Y6lwm8lbOAw9XQfeANawGq8wLDtlGPO1ZgDj0HmKsykTxfFAg=="
+ },
 "extend": {
 "version": "3.0.2",
 "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz",
diff --git a/package.json b/package.json
index 67cee62..43266f0 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "gitblog.md",
- "version": "1.2.7",
+ "version": "1.2.8",
 "description": "A static blog using Markdown pulled from your git repository.",
 "main": "src/server.js",
 "dependencies": {
@@ -9,6 +9,7 @@
 "crypto": "^1.0.1",
 "ejs": "^2.6.2",
 "express": "^4.17.1",
+ "express-rate-limit": "^5.0.0",
 "fa-diagrams": "^1.0.3",
 "mathjax-node": "^2.1.1",
 "ncp": "^2.0.0",
diff --git a/src/app.js b/src/app.js
index 5496fe2..7dfaf50 100644
--- a/src/app.js
+++ b/src/app.js
@@ -3,6 +3,7 @@ const app = express();
 const fs = require('fs');
 const path = require('path');
 const pjson = require('../package.json');
+const rateLimit = require('express-rate-limit');
 app.enable('trust proxy');
@@ -122,6 +123,13 @@ module.exports = (config) => {
 next();
 });
+ //rate limit for safer server
+ const limiter = rateLimit({
+ windowMs: 15 * 60 * 1000, // 15 minutes
+ max: config['rate_limit']
+ });
+ app.use(limiter);
+
 //log request at result end
 app.use((req, res, next) => {
 if (config['access_log']) {
diff --git a/src/config.default.json b/src/config.default.json
index 79fe3f3..f0d0678 100644
--- a/src/config.default.json
+++ b/src/config.default.json
@@ -3,6 +3,7 @@
 "host": "",
 "data_dir": "data",
 "view_engine": "ejs",
+ "rate_limit": 100,
 "access_log": "access.log",
 "error_log": "error.log",
 "modules": {
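Review bot: `app.use(limiter)` is registered before the access-log middleware that follows it (`//log request at result end`), so requests the limiter rejects never reach that middleware and throttled traffic leaves no trace in `access_log`; registering the limiter after the logging middleware, or logging the rejection from a custom `handler` option, keeps the 429s visible to whoever watches the logs. `max: config['rate_limit']` is passed through unchecked, and if a user config omits the key `max` becomes `undefined`, which in express-rate-limit 5 appears to disable the limit rather than fall back to the documented 100, so a guard such as `max: config['rate_limit'] === undefined ? 100 : config['rate_limit']` seems safer. The limiter keys on `req.ip`, and the first hunk shows `app.enable('trust proxy')` applied unconditionally, so when the server is not actually behind a proxy the client-supplied `X-Forwarded-For` header decides which bucket a request lands in; setting `trust proxy` to the real proxy hop count or addresses makes the limit hold. The enclosing `module.exports = (config) => {` function starts and ends outside the hunk.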