
rate_limit does not trigger

Open UltraBlackLinux opened this issue 1 year ago • 5 comments

Hey there, I'm trying to protect a basicauth prompt against brute-forcing using rate_limit, but for some reason it just does not trigger. I can curl the path all day long and it will not even once return a 429. Here's my config:

    handle_path /test {
        rate_limit {query.id} 1r/m
        basicauth {
            something something
        }
        reverse_proxy ...
    }

Any idea why?

UltraBlackLinux avatar Mar 07 '24 14:03 UltraBlackLinux

Same problem, did you find a solution?

Hor1kon avatar Jul 03 '24 22:07 Hor1kon

@Hor1kon I switched to this: https://github.com/mholt/caddy-ratelimit it's working fine

UltraBlackLinux avatar Jul 04 '24 21:07 UltraBlackLinux

@Hor1kon This is working for me:

    handle /login {
        rate_limit {remote.host} 10r/m
        reverse_proxy my-app:3000 {
            header_up X-Real-IP {remote_host}
        }
    }

I had to add an order block at the top of my Caddyfile:

    {
        order rate_limit before basicauth
    }

Also, make sure that the network request that you are trying to block actually matches the path that you have in your handle.

decaf-dev avatar Jul 04 '24 22:07 decaf-dev
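
The reply above applied to the setup from the original question, as an added example that is not from the thread or from the caddy-ext project: one Caddyfile with the global `order` line, a path matcher that also covers sub-paths, and the limit keyed on the client address. The site address `example.com`, the user name and the hash placeholder are assumptions; the upstream and the rate are the ones from the reply.

```caddyfile
# Added example (not from the thread). example.com, the user name and the
# password hash are placeholders to replace before use.
{
	# rate_limit is a plugin directive with no built-in position in the
	# handler chain. Ordering it before basicauth means requests with
	# wrong or missing credentials are still counted, because basicauth
	# answers those itself and never passes them further down the chain.
	order rate_limit before basicauth
}

example.com {
	# "/test" matches only that exact path. "/test*" also matches /test/
	# and everything below it, so the limit covers every URL that shows
	# the login prompt. handle_path strips the matched prefix before the
	# request is proxied.
	handle_path /test* {
		# One counter per client address, 10 requests per minute.
		# The key is the remote host rather than a value taken from
		# the request, so every request from a client shares a counter.
		rate_limit {remote.host} 10r/m

		basicauth {
			# <user> <hash produced by `caddy hash-password`>
			admin <password-hash-placeholder>
		}

		reverse_proxy my-app:3000
	}
}
```

Running `caddy validate --config Caddyfile` after editing confirms that the `rate_limit` directive is compiled into the binary and accepted at that position.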

> @Hor1kon I switched to this: https://github.com/mholt/caddy-ratelimit it's working fine

Yeah, I have also switched to it.

Hor1kon avatar Jul 05 '24 05:07 Hor1kon

> @Hor1kon This is working for me:
>
>     handle /login {
>         rate_limit {remote.host} 10r/m
>         reverse_proxy my-app:3000 {
>             header_up X-Real-IP {remote_host}
>         }
>     }
>
> I had to add an order block at the top of my Caddyfile:
>
>     {
>         order rate_limit before basicauth
>     }
>
> Also, make sure that the network request that you are trying to block actually matches the path that you have in your handle.

Yeah, I think it wasn't working for me because of this first line, because in the other rate-limit build this line was initially in the example.

Hor1kon avatar Jul 05 '24 05:07 Hor1kon