RussellLuo / caddy-ext

Various Caddy v2 extensions (a.k.a. modules).
MIT License

rate_limit does not trigger #21

Open UltraBlackLinux opened 7 months ago

UltraBlackLinux commented 7 months ago

Hey there, I'm trying to protect a basicauth prompt against brute-forcing using rate_limit, but for some reason it just does not trigger. I can curl the path all day long and it will not even once return a 429. Here's my config:

    handle_path /test {
        rate_limit {query.id} 1r/m
        basicauth {
            something something
        }
        reverse_proxy ...
    }

Any idea why?

Hor1kon commented 3 months ago

Same problem, did you find a solution?

UltraBlackLinux commented 3 months ago

@Hor1kon I switched to this: https://github.com/mholt/caddy-ratelimit it's working fine

decaf-dev commented 3 months ago

@Hor1kon This is working for me

    handle /login {
        rate_limit {remote.host} 10r/m
        reverse_proxy my-app:3000 {
            header_up X-Real-IP {remote_host}
        }
    }

I had to add an order block at the top of my Caddy file

    {
        order rate_limit before basicauth
    }

Also, make sure that the network request that you are trying to block actually matches the path that you have in your handle.

Hor1kon commented 3 months ago

> @Hor1kon I switched to this: https://github.com/mholt/caddy-ratelimit it's working fine

Yeah, I have also switched to it.

Hor1kon commented 3 months ago

> @Hor1kon This is working for me
>
>     handle /login {
>         rate_limit {remote.host} 10r/m
>         reverse_proxy my-app:3000 {
>             header_up X-Real-IP {remote_host}
>         }
>     }
>
> I had to add an order block at the top of my Caddy file
>
>     {
>         order rate_limit before basicauth
>     }
>
> Also, make sure that the network request that you are trying to block actually matches the path that you have in your handle.

Yeah, I think for me it wasn't working because of this first line, because in the other rate-limit build this line was initially in the example.
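
A repeatable version of the curl check from the first post, for confirming that the limiter answers 429 after a config change (added example, not part of the thread or the project; `PROBE_URL`, `PROBE_COUNT` and the function names are assumptions of this sketch). With a `{query.id}` key, put an `id` parameter in the URL so every probe shares one key.

```shell
#!/bin/sh
# Added example: verify that a rate-limited route on your own server returns 429.
# PROBE_URL / PROBE_COUNT are hypothetical variable names used only here.

# Send $2 unauthenticated GET requests to $1; print one HTTP status per line.
# curl prints 000 when the connection itself fails.
probe() {
    url=$1; count=$2; i=0
    while [ "$i" -lt "$count" ]; do
        curl -s -o /dev/null -w '%{http_code}\n' --max-time 5 "$url" || true
        i=$((i + 1))
    done
}

# Read status codes on stdin; print "<code> <count>" lines sorted by code.
tally() {
    sort | uniq -c | awk '{ print $2, $1 }'
}

# Read a tally on stdin; succeed only if at least one 429 was counted.
limiter_triggered() {
    awk '$1 == "429" && $2 > 0 { hit = 1 } END { exit !hit }'
}

# Runs only when a target is supplied, e.g. (constructed local URL):
#   PROBE_URL='http://localhost:8080/test?id=probe' PROBE_COUNT=5 sh check.sh
# With 1r/m, a working limiter should show 429 for all but the first request.
if [ -n "${PROBE_URL:-}" ]; then
    result=$(probe "$PROBE_URL" "${PROBE_COUNT:-5}" | tally)
    printf '%s\n' "$result"
    if printf '%s\n' "$result" | limiter_triggered; then
        echo "OK: limiter returned 429"
    else
        echo "FAIL: no 429 seen; check directive order and path match" >&2
        exit 1
    fi
fi
```

A tally made up only of 401 (or 200) lines reproduces the symptom reported in this issue.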