stefanprodan / AspNetCoreRateLimit

ASP.NET Core rate limiting middleware

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Rate limit policy settings is not applied using AspNetCoreRateLimit in .net core 6

arash3003 opened this issue · comments

Hi,
I am using AspNetCoreRateLimit version 4.0.1 and I have done all the setup in .net core 6 web api. I can see rate limit is working when I send a call via postman.

However, when I add IpRateLimitPolicies with specific IP address, the settings won't be applied. I use postman and this time in the proxy I added the ip address to 127.0.0.1. I can see the ip hitting the api is set correctly when I use Request.HttpContext.Connection.RemoteIpAddress; I also deployed to our dev environment and called from a different client and got the same result.

I registered them as follow in program.cs:
_serviceCollection.AddOptions(); _serviceCollection.AddMemoryCache(); _serviceCollection.Configure<IpRateLimitOptions>(builder.Configuration.GetSection("IpRateLimiting")); _serviceCollection.Configure<IpRateLimitPolicies>(builder.Configuration.GetSection("IpRateLimitPolicies")); _serviceCollection.AddInMemoryRateLimiting(); _serviceCollection.AddSingleton<IIpPolicyStore, MemoryCacheIpPolicyStore>(); _serviceCollection.AddSingleton<IRateLimitCounterStore, MemoryCacheRateLimitCounterStore>(); _serviceCollection.AddSingleton<IHttpContextAccessor, HttpContextAccessor>(); _serviceCollection.AddSingleton<IRateLimitConfiguration, RateLimitConfiguration>();

Also added: app.UseIpRateLimiting();

My appsettings also looks like:
{ "IpRateLimiting": { "EnableEndpointRateLimiting": false, "StackBlockedRequests": false, "RealIPHeader": "X-Real-IP", "ClientIdHeader": "X-ClientId", "IpWhitelist": [ ], "EndpointWhitelist": [], "ClientWhitelist": [], "HttpStatusCode": 429, "GeneralRules": [ { "Endpoint": "*", "Period": "10s", "Limit": 1 } ] }, "IpRateLimitPolicies": { "IpRules": [ { "Ip": "127.0.0.1", "Rules": [ { "Endpoint": "*", "Period": "20s", "Limit": 2 } ] } ] }

But apparently the settings under IpRateLimitPolicies won't be applied.

I wonder if I have missed anything here?

Thank you

any thoughts on this?

Same issue here, my ratelimit rules are not applying either

thanks your register code,it work for me. I cannot find any register code for .NET 6 before..

Thanks @MAYBreath - are the settings under "IpRateLimitPolicies" applied for you in .net core 6? have you done anything extra?

IpRateLimitPolicies

@arash3003
yes,you need add those code at Program.cs
var ipPolicyStore = app.Services.GetRequiredService<IIpPolicyStore>(); ipPolicyStore.SeedAsync().GetAwaiter().GetResult(); var clientPolicyStore = app.Services.GetRequiredService<IClientPolicyStore>(); clientPolicyStore.SeedAsync().GetAwaiter().GetResult();

and if you test at localhost,try change "Ip": "127.0.0.1" to "Ip": "::1/10" ,it may help you.

Thanks - it works now for both IP and Client.

Hi @MAYBreath & @arash3003

I am also facing same issue in .net core 5, Do you have any solution on this?

// needed to store rate limit counters and ip rules
services.AddMemoryCache();

        //load general configuration from appsettings.json
        services.Configure<ClientRateLimitOptions>(_config.GetSection("ClientRateLimiting"));

        //load client rules from appsettings.json
        services.Configure<ClientRateLimitPolicies>(_config.GetSection("ClientRateLimitPolicies"));

        services.AddInMemoryRateLimiting();

        // inject counter and rules stores
        services.AddSingleton<IClientPolicyStore, MemoryCacheClientPolicyStore>();
        services.AddSingleton<IRateLimitCounterStore, MemoryCacheRateLimitCounterStore>();
        services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
        services.AddSingleton<IRateLimitConfiguration, RateLimitConfiguration>();
        services.AddSingleton<IProcessingStrategy, AsyncKeyLockProcessingStrategy>();

HI @MAYBreath - Its working fine, Thanks

app.UseExceptionMiddleware();

        app.UseHttpsRedirection();

        app.UseRouting();

        var clientPolicyStore = Services.GetRequiredService<IClientPolicyStore>(); 
        clientPolicyStore.SeedAsync().GetAwaiter().GetResult();

        app.UseClientRateLimiting();

        app.UseCors(x => x.SetIsOriginAllowed(origin => true).AllowAnyMethod().AllowAnyHeader().AllowCredentials());

        app.UseAuthentication();

        app.UseAuthorization();

        app.UseDefaultFiles();


        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllers();
        });

Hi @MohammedMubeen , yes it worked for me after I applied @MAYBreath's solution.

Hi @arash3003 ,

Thanks for the response.

If possible , Set periods and Limit from the database? Do you have any idea?

"GeneralRules": [
{
"Endpoint": "*",
"Period": "1s",
"Limit": 2
}
]

My clients, They expecting provide request limitation based on there subscription. Example like - Basic, Premium & Enterprise.
Do you have any idea?

Yes you can do it easily. This is the same way I have implemented. You can create your tables and have your methods to extract data from the DB. Then you can do something like this is your startup.cs. In my example I use the client policy:

ClientRateLimitPolicies policies = MYDBRepo.GetAll().GetAwaiter().GetResult();

_serviceCollection.AddOptions();
_serviceCollection.AddMemoryCache();
_serviceCollection.Configure<ClientRateLimitOptions>(Configuration.GetSection("ClientRateLimiting"));
_serviceCollection.Configure<ClientRateLimitPolicies>(option => { option.ClientRules = policies.ClientRules; });

MYDBRepo returns all active policies and map it to ClientRateLimitPolicies.

Thanks @arash3003 .

Now I got some ideas. If any help, Please let you know.

Again, Thanks for the help.

Hello,

You need to add below code as middleware.

var clientPolicyStore = app.Services.GetRequiredService(); clientPolicyStore.SeedAsync().GetAwaiter().GetResult();

Thank you