AspNetCoreRateLimit icon indicating copy to clipboard operation
AspNetCoreRateLimit copied to clipboard

Published 20 hours ago verified publisher icon stefanprodan

EndpointRateLimiting default rules and some endpoint less restrictive

Open JaapMosselman opened this issue 3 years ago • 3 comments

I am migrating a .NET Framework 4 application, which uses WebApiThrottle to asp.net core. With WebApiThrottle I have a configuration with default limits and for some specific endpoints, I want to have less restrictive limits. But with AspNetCoreRateLimit, this seems not possible. If I define these rules: Endpoint = "", Period = "1s", Limit = 5 Endpoint = ":/values, Period = "1s", Limit = 10 then for the /values path the first rule mathes also and is more restrictive, so that will always be chosen.

So when you want some endpoints to be more restrictive, that would be possible, but some less restrictive is not possible.

Or am I missing something? Else, this is a feature request :-)

Regards, Jaap

JaapMosselman avatar Nov 08 '21 14:11 JaapMosselman

Any news on this?

JaapMosselman avatar Jul 28 '22 14:07 JaapMosselman

@JaapMosselman - Did you ever find a solution to this? I'm having the same issue it can't find an answer anywhere.

MikeNolan678 avatar Mar 12 '24 11:03 MikeNolan678

@MikeNolan678 No, I didn't. I even removed rate limiting from my application, because we decided a Web Application Firewall (WAF) is better suited for this tasks, instead of trying something by our own with ratelimiting. Of course can have is use cases, but not for protecting against attacks from the outside.

JaapMosselman avatar Mar 12 '24 12:03 JaapMosselman