EndpointRateLimiting default rules and some endpoint less restrictive

[JaapMosselman]

I am migrating a .NET Framework 4 application, which uses WebApiThrottle to asp.net core. With WebApiThrottle I have a configuration with default limits and for some specific endpoints, I want to have less restrictive limits. But with AspNetCoreRateLimit, this seems not possible. If I define these rules: Endpoint = "", Period = "1s", Limit = 5 Endpoint = ":/values, Period = "1s", Limit = 10 then for the /values path the first rule mathes also and is more restrictive, so that will always be chosen.

So when you want some endpoints to be more restrictive, that would be possible, but some less restrictive is not possible.

Or am I missing something? Else, this is a feature request :-)

Regards, Jaap

[JaapMosselman]

Any news on this?

[MikeNolan678]

@JaapMosselman - Did you ever find a solution to this? I'm having the same issue it can't find an answer anywhere.

[JaapMosselman]

@MikeNolan678 No, I didn't. I even removed rate limiting from my application, because we decided a Web Application Firewall (WAF) is better suited for this tasks, instead of trying something by our own with ratelimiting. Of course can have is use cases, but not for protecting against attacks from the outside.