/dotnet-core-rate-limiting-middleware

IP rate limiting middleware for .net core-5 apis inspired by Stefan Prodan's ClientRateLimitMiddleware based on IP

Primary LanguageC#

dotnet-core-rate-limiting-middleware

"IpRateLimiting": {
    "EnableEndpointRateLimiting": false,
    "StackBlockedRequests": false,
    "RealIpHeader": "X-Real-IP", //rate-limiting based on ip address
    "ClientIdHeader": "X-ClientId",
    "HttpStatusCode": 429,
    "IpWhitelist": [], // IP whitelisting mostly for test ie: locahost :  "127.0.0.1" (IPv4), "::1/10"(IPv6)
    "EndpointWhitelist": [ "get:/api/license", "*:/api/status" ], // dont block user trying to see license or some status endpoint whitelisting
    "ClientWhitelist": [ "dev-id-1", "dev-id-2" ],
    "GeneralRules": [
      {
        "Endpoint": "*",
        "Period": "1s",
        "Limit": 2
      },
      {
        "Endpoint": "*",
        "Period": "1m",
        "Limit": 100
      },
      {
        "Endpoint": "*",
        "Period": "24h",
        "Limit": 1000
      },
      {
        "Endpoint": "*",
        "Period": "7d",
        "Limit": 10000
      }
    ]
  }
}
//FILTERS : 2req per second / 100 per min / 1000 per day / 10K per week


alt text