Open EngRajabi opened 4 years ago
For a custom rate limit store, you can write a handler that implements IRateLimitCounterHandler
interface.
Then you can replace the default implementation MemoryCacheRateLimitCounterHandler
with your own handler.
Just do an UpsteamHeaderTransorm
"UpstreamHeaderTransform": { "ClientId": "{RemoteIpAddress}" },
I actually struggled with this, thinking IP was the default. I had to debug the Ocelot source with ReSharper to figure it out. This works though... Unless I'm missing something.
If you also need the X-Forwarded-For
header in your downstream systems, you can configure Ocelot to use this header instead of the default ClientId
header for rate limiting.
{
"GlobalConfiguration": {
"RateLimitOptions": {
"DisableRateLimitHeaders": false,
"HttpStatusCode": 429,
"ClientIdHeader" : "X-Forwarded-For"
}
},
"Routes": [
{
... // route configuration
"UpstreamHeaderTransform": {
"X-Forwarded-For": "{RemoteIpAddress}"
}
}
]
}
@EngRajabi commented on Nov 4, 2019
add rate limit with ip address
Now not implemented. And this feature could be with high priority.
add StackBlockedRequests
Sorry? What are you talking about?
add custom rate limit store(sql server, redis,...)
Seems, not implemented. Will you contribute?
read header key in config
Sorry? Isn't it already implemented by ClientIdHeader option?
add IpWhitelist in config
Isn't it implemented by ClientWhitelist option?
Or, did you mean IP whitelist by RemoteIpAddress
?
What do you think about Security Options feature?
read StackBlockedRequests in config
Sorry? What are you talking about?
Well...Will you contribute?
@ggnaegi @RaynaldM Tom skipped this request in 2020 allowing ASP.NET team to deliver Rate Limiter feature in ASP.NET 7 (.NET 7) in November'2022. See: Future and ASP.NET Core Implementation And ASP.NET developers use native framework feature nowadays...
Will a new "Rate limit with RemoteIpAddress" feature be useful for our project? It is pretty useful from logical point of view. Seems ASP.NET Rate Limiter should have same functionality based on RemoteIpAddress.
Hello, this request is very old. Currently, you can use asp's own ratelimit.
This is one of our next topics, and we'll be analyzing whether it's useful and feasible.
It is useful, @RaynaldM... I don't like current design based on ClientIdHeader... A bit strange solution.
Also, ASP.NET has own implementation now in ASP.NET 7+. But I've not seen native RemoteIpAddress feature... ASP.NET offers to define a policy with predicate to check RemoteIpAddress
... then you limit using this policy options...
But the problem is a lack of your dev time. Seems Mohsen will not contribute... Will you, @EngRajabi ?
New Feature