diff --git a/packages/core/admin/server/middlewares/rateLimit.js b/packages/core/admin/server/middlewares/rateLimit.js
index 0135931471..68cc638f95 100644
--- a/packages/core/admin/server/middlewares/rateLimit.js
+++ b/packages/core/admin/server/middlewares/rateLimit.js
@@ -1,7 +1,8 @@
 'use strict';
 const utils = require('@strapi/utils');
-const { has, toLower } = require('lodash/fp');
+const { isString, has, toLower } = require('lodash/fp');
+const path = require('path');
 const { RateLimitError } = utils.errors;
@@ -24,13 +25,9 @@ module.exports =
 const rateLimit = require('koa2-ratelimit').RateLimit;
 const userEmail = toLower(ctx.request.body.email) || 'unknownEmail';
- let requestPath = toLower(ctx.request.path) || 'unknownPath';
-
- if (requestPath.endsWith('/')) {
- if (requestPath !== '/') {
- requestPath = requestPath.slice(0, -1);
- }
- }
+ const requestPath = isString(ctx.request.path)
+ ? toLower(path.normalize(ctx.request.path))
+ : 'invalidPath';
 const loadConfig = {
 interval: { min: 5 },
diff --git a/packages/plugins/users-permissions/server/middlewares/rateLimit.js b/packages/plugins/users-permissions/server/middlewares/rateLimit.js
index d5d81007c6..b9c781c99d 100644
--- a/packages/plugins/users-permissions/server/middlewares/rateLimit.js
+++ b/packages/plugins/users-permissions/server/middlewares/rateLimit.js
@@ -1,7 +1,8 @@
 'use strict';
 const utils = require('@strapi/utils');
-const { has, toLower } = require('lodash/fp');
+const { isString, has, toLower } = require('lodash/fp');
+const path = require('path');
 const { RateLimitError } = utils.errors;
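Review bot: The trailing-slash handling removed in the `@@ -24,13 +25,9 @@` hunk of packages/core/admin/server/middlewares/rateLimit.js has no replacement on the new side: `path.normalize` collapses repeated slashes and `.`/`..` segments but preserves a trailing separator, so a path with and without a final `/` still yields two different `requestPath` values. If `requestPath` goes into the limiter key further down (outside this hunk) and the router serves both forms, each form would get its own counter. Stripping the trailing slash after normalising restores the old behaviour, e.g. `toLower(path.normalize(ctx.request.path)).replace(/(?<=.)\/$/, '')`. The identical hunk in packages/plugins/users-permissions/server/middlewares/rateLimit.js needs the same change; in both files the middleware body starts and ends outside the hunk.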
@@ -24,13 +25,9 @@ module.exports =
 const rateLimit = require('koa2-ratelimit').RateLimit;
 const userIdentifier = toLower(ctx.request.body.email) || 'unknownIdentifier';
- let requestPath = toLower(ctx.request.path) || 'unknownPath';
-
- if (requestPath.endsWith('/')) {
- if (requestPath !== '/') {
- requestPath = requestPath.slice(0, -1);
- }
- }
+ const requestPath = isString(ctx.request.path)
+ ? toLower(path.normalize(ctx.request.path))
+ : 'invalidPath';
 const loadConfig = {
 interval: { min: 5 },
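Review bot: `path.normalize` in the new `requestPath` expression is the platform-specific variant, and on a Windows host it rewrites `/` to `\`, so the normalised value depends on where the server runs. A URL path is not a filesystem path; `path.posix.normalize(ctx.request.path)` gives the same result on every host. A short comment above the ternary would also help, such as `// Normalise so equivalent spellings of one route share a rate-limit key`, assuming that is the intent, since the expression alone does not say why the path is normalised. The same expression appears in the admin middleware's rateLimit.js, and in both files the enclosing function starts and ends outside the hunk.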