AspNetCoreRateLimit - ASP.NET Core rate limit middleware

AspNetCoreRateLimit is an ASP.NET Core rate limiting solution

Last updated 7/12/2022 8:26 PM
黑哥聊dotNet

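Introduction

AspNetCoreRateLimit is an ASP.NET Core rate limiting solution designed to control the rate at which clients can make requests to a Web API or MVC application, based on IP address or client ID. The AspNetCoreRateLimit package contains an IpRateLimitMiddleware and a ClientRateLimitMiddleware. With each middleware you can set multiple limits for different scenarios, such as allowing an IP or client a maximum number of calls in a time interval like per second, 15 minutes, and so on. You can define these limits to apply to all requests made to an API, or you can scope the limits to each API URL or HTTP verb and path.

Address: https://github.com/stefanprodan/AspNetCoreRateLimit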

Features

Rate limiting based on client IP

  1. Setup and configuration
  2. Defining rate limit rules
  3. Behavior
  4. Updating rate limits at runtime

Rate limiting based on client ID

  1. Setup and configuration
  2. Defining rate limit rules
  3. Behavior
  4. Updating rate limits at runtime

Advanced configuration

  1. Custom quota exceeded response
  2. IP / ClientId resolve contributors
  3. Using Redis as distributed counter storage

Usage (rate limit based on client IP)

**NuGet installation:**

```powershell
Install-Package AspNetCoreRateLimit

Install-Package AspNetCoreRateLimit.Redis
```

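**Startup.cs code:**

```csharp
// Startup.cs (requires: using AspNetCoreRateLimit;)
public void ConfigureServices(IServiceCollection services)
{
    // Needed to load configuration from appsettings.json
    services.AddOptions();
    // Needed to store rate limit counters and IP rules
    services.AddMemoryCache();
    // Load the general configuration and the per-IP policies from appsettings.json
    services.Configure<IpRateLimitOptions>(Configuration.GetSection("IpRateLimiting"));
    services.Configure<IpRateLimitPolicies>(Configuration.GetSection("IpRateLimitPolicies"));
    // Register the in-memory counter and rule stores
    services.AddInMemoryRateLimiting();
    services.AddMvc();
    // Rate limit configuration (resolvers, counter key builders)
    services.AddSingleton<IRateLimitConfiguration, RateLimitConfiguration>();
}

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
    // Registered before MVC so that throttled requests are rejected before reaching it
    app.UseIpRateLimiting();

    app.UseMvc();
}
```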

**appsettings.json:**

```json
{
  "IpRateLimiting": {
    "EnableEndpointRateLimiting": false,
    "StackBlockedRequests": false,
    "RealIpHeader": "X-Real-IP",
    "ClientIdHeader": "X-ClientId",
    "HttpStatusCode": 429,
    "IpWhitelist": [ "127.0.0.1", "::1/10", "192.168.0.0/24" ],
    "EndpointWhitelist": [ "get:/api/license", "*:/api/status" ],
    "ClientWhitelist": [ "dev-id-1", "dev-id-2" ],
    "GeneralRules": [
      {
        "Endpoint": "*",
        "Period": "1s",
        "Limit": 2
      },
      {
        "Endpoint": "*",
        "Period": "15m",
        "Limit": 100
      },
      {
        "Endpoint": "*",
        "Period": "12h",
        "Limit": 1000
      },
      {
        "Endpoint": "*",
        "Period": "7d",
        "Limit": 10000
      }
    ]
  }
}
```

If EnableEndpointRateLimiting is set to false, the limits apply globally and only the rules whose endpoint is * apply. For example, if you set a limit of 5 calls per second, any HTTP call to any endpoint will count towards that limit.

If EnableEndpointRateLimiting is set to true, the limits apply to each endpoint (HTTP verb and path). For example, if you set a limit of 5 calls per second for *:/api/values, a client can call GET /api/values 5 times per second and can also call PUT /api/values 5 times per second.

If StackBlockedRequests is set to false, rejected calls are not added to the throttle counter. If a client makes 3 requests per second and you set a limit of one call per second, other limits (such as a per-minute or per-day counter) will only record the first call, which is the call that was not blocked. If you want rejected requests to count against the other limits, you must set StackBlockedRequests to true.
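A simplified model of the StackBlockedRequests behaviour described above, as an added example that is not code from this article or from AspNetCoreRateLimit. It assumes fixed-window counters evaluated shortest period first, uses the 1s and 15m rules from the configuration above, and the names Rule, Process and AcceptedRequests as well as the traffic pattern are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Simplified model of per-client fixed-window counters (an assumption of this
// example; it is not AspNetCoreRateLimit's implementation).
class Rule
{
    public TimeSpan Period;
    public int Limit;
    public DateTime WindowStart;   // start of the current counting window
    public int Count;              // requests counted in that window
}

static class StackBlockedRequestsDemo
{
    // Counts one request against the rules and returns true if it is accepted.
    static bool Process(List<Rule> rules, DateTime now, bool stackBlockedRequests)
    {
        bool blocked = false;
        foreach (var rule in rules.OrderBy(r => r.Period))   // shortest period first
        {
            if (now - rule.WindowStart >= rule.Period) { rule.WindowStart = now; rule.Count = 0; }
            rule.Count++;
            if (rule.Count > rule.Limit)
            {
                blocked = true;
                if (!stackBlockedRequests) break;   // longer windows never see this request
            }
        }
        return !blocked;
    }

    // Constructed traffic: one client sending 10 requests per second for 60 seconds.
    static int AcceptedRequests(bool stackBlockedRequests)
    {
        var rules = new List<Rule>   // the 1s and 15m GeneralRules from appsettings.json
        {
            new Rule { Period = TimeSpan.FromSeconds(1),  Limit = 2 },
            new Rule { Period = TimeSpan.FromMinutes(15), Limit = 100 },
        };
        var start = new DateTime(2022, 7, 12, 0, 0, 0, DateTimeKind.Utc);
        return Enumerable.Range(0, 600)
            .Count(i => Process(rules, start.AddMilliseconds(100 * i), stackBlockedRequests));
    }

    static void Main()
    {
        Console.WriteLine($"StackBlockedRequests=false: accepted {AcceptedRequests(false)} of 600");
        Console.WriteLine($"StackBlockedRequests=true:  accepted {AcceptedRequests(true)} of 600");
    }
}
```

With stacking enabled, the rejected requests of a flooding client also use up its 15-minute quota, so far fewer of its requests are accepted over the run.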

RealIpHeader is used to extract the client IP when your Kestrel server is behind a reverse proxy. If your proxy uses a header other than X-Real-IP, use this option to set it.

ClientIdHeader is used to extract the client ID for whitelisting. If a client ID exists in this header and matches a value specified in ClientWhitelist, no rate limit applies.

This article only covers rate limiting based on client IP. If you are interested in this project, please visit the AspNetCoreRateLimit official website for more documentation.

Finally, if you like my article, please follow me. I hope that the .NET ecosystem will get better and better!
