I encountered RateLimiting in the login page of the LavaLite/CMS repo while performing recon to find the CMS XSS bug that is among the bugs to be fixed on the huntr platform. Lavalite/CMS is an open source version of the Content Management System developed with Laravel framework.
A successful request will look like this.
I used an intruder with 1 thread in BURP comunity edition to test for rate limiting on the password field.
While rate limiting has not been triggered, the Lavalite/CMS login will direct itself to the login page for wrong passwords. See references.