didip/tollbooth

Token limiting does not work.

MarlikAlmighty opened this issue · 4 comments

Sample code:

func limitAccess(next http.Handler) http.Handler {

	lmt := tollbooth.NewLimiter(1, nil)
	lmt.SetHeaderEntryExpirationTTL(time.Hour * 24)
	lmt.SetHeader("X-Access-Token", []string{"abc123", "abc456"})
	lmt.SetIPLookups([]string{"RemoteAddr", "X-Forwarded-For", "X-Real-IP"})
	lmt.SetMethods([]string{"GET", "POST"})

	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if httpError := tollbooth.LimitByRequest(lmt, w, r); httpError != nil {
			// Body text now matches the 403 status code actually sent.
			http.Error(w, http.StatusText(http.StatusForbidden), http.StatusForbidden)
			return
		}

		next.ServeHTTP(w, r)
	})
}

I have the same problem

I've tried to test it naively, and rate-limiting was skipped unless I provided the X-Access-Token header with a value set to abc123 or abc456. I guess the problem you are having is unexpected results of the SetHeader call, am I right?

If you want (or wanted) to simply rate limit all requests that contain X-Access-Token in the header, regardless of its value, then use the following code in version v7.0.1 or v4.0.2+incompatible.

	lmt.SetHeader("X-Access-Token", []string{})

kasnet commented

the same problem
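
Added example, not code from this issue or from tollbooth: a standard-library middleware that always derives a limiter key, so a request without X-Access-Token (or with an unknown value) is counted per peer IP instead of skipping the limit as reported in the thread above. The names `bucketKey` and `limitAll` and the fixed-window counter are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"sync"
	"time"
)

// bucketKey always yields a key: a known token, else the peer IP (never "skip").
func bucketKey(r *http.Request) string {
	t := r.Header.Get("X-Access-Token")
	if t == "abc123" || t == "abc456" { // sample values from the issue's snippet
		return "token:" + t
	}
	host, _, _ := net.SplitHostPort(r.RemoteAddr) // socket peer, not a client-set header
	return "ip:" + host
}

// limitAll allows max requests per key in each fixed window of length period.
func limitAll(max int, period time.Duration, next http.Handler) http.Handler {
	var mu sync.Mutex
	start, hits := time.Now(), map[string]int{}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		mu.Lock()
		if time.Since(start) >= period {
			start, hits = time.Now(), map[string]int{}
		}
		k := bucketKey(r)
		hits[k]++
		over := hits[k] > max
		mu.Unlock()
		if over {
			http.Error(w, "rate limit exceeded", http.StatusTooManyRequests)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	h := limitAll(1, time.Hour, http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	for i := 0; i < 2; i++ { // two requests without any token from one peer
		w := httptest.NewRecorder()
		h.ServeHTTP(w, httptest.NewRequest("GET", "/", nil))
		fmt.Println(w.Code)
	}
}
```

Token holders get one bucket per token, while every other caller shares the bucket of its peer address, so omitting or changing the header no longer removes a request from rate limiting.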