search

ThreeMammals / Ocelot

.NET API Gateway
https://www.nuget.org/packages/Ocelot
MIT License
8.36k stars 1.64k forks source link

Rate limit with RemoteIpAddress #1050

Open EngRajabi opened 4 years ago

EngRajabi commented 4 years ago

New Feature

catcherwong commented 4 years ago

For a custom rate limit store, you can write a handler that implements IRateLimitCounterHandler interface.

Then you can replace the default implementation MemoryCacheRateLimitCounterHandler with your own handler.

https://github.com/ThreeMammals/Ocelot/blob/fbd9c01a425a0a3bda46717efda423883543fb76/src/Ocelot/DependencyInjection/OcelotBuilder.cs#L108

m-hicks-OH commented 3 years ago

Just do an UpsteamHeaderTransorm "UpstreamHeaderTransform": { "ClientId": "{RemoteIpAddress}" },

I actually struggled with this, thinking IP was the default. I had to debug the Ocelot source with ReSharper to figure it out. This works though... Unless I'm missing something.

eddex commented 1 year ago

If you also need the X-Forwarded-For header in your downstream systems, you can configure Ocelot to use this header instead of the default ClientId header for rate limiting.

{
  "GlobalConfiguration": {
    "RateLimitOptions": {
      "DisableRateLimitHeaders": false,
      "HttpStatusCode": 429,
      "ClientIdHeader" : "X-Forwarded-For"
    }
  },
  "Routes": [
    {
    ... // route configuration
    "UpstreamHeaderTransform": {
        "X-Forwarded-For": "{RemoteIpAddress}"
      }
    }
  ]
}
raman-m commented 7 months ago

@EngRajabi commented on Nov 4, 2019

add rate limit with ip address

Now not implemented. And this feature could be with high priority.

add StackBlockedRequests

Sorry? What are you talking about?

add custom rate limit store(sql server, redis,...)

Seems, not implemented. Will you contribute?

read header key in config

Sorry? Isn't it already implemented by ClientIdHeader option?

add IpWhitelist in config

Isn't it implemented by ClientWhitelist option? Or, did you mean IP whitelist by RemoteIpAddress ? What do you think about Security Options feature?

read StackBlockedRequests in config

Sorry? What are you talking about?

Well...Will you contribute?

raman-m commented 7 months ago

@ggnaegi @RaynaldM Tom skipped this request in 2020 allowing ASP.NET team to deliver Rate Limiter feature in ASP.NET 7 (.NET 7) in November'2022. See: Future and ASP.NET Core Implementation And ASP.NET developers use native framework feature nowadays...

Will a new "Rate limit with RemoteIpAddress" feature be useful for our project? It is pretty useful from logical point of view. Seems ASP.NET Rate Limiter should have same functionality based on RemoteIpAddress.

EngRajabi commented 7 months ago

Hello, this request is very old. Currently, you can use asp's own ratelimit.

RaynaldM commented 6 months ago

This is one of our next topics, and we'll be analyzing whether it's useful and feasible.

raman-m commented 6 months ago

It is useful, @RaynaldM... I don't like current design based on ClientIdHeader... A bit strange solution. Also, ASP.NET has own implementation now in ASP.NET 7+. But I've not seen native RemoteIpAddress feature... ASP.NET offers to define a policy with predicate to check RemoteIpAddress... then you limit using this policy options...

But the problem is a lack of your dev time. Seems Mohsen will not contribute... Will you, @EngRajabi ?