AspNetCoreRateLimit

Global rule overwriting path based ruleset

Open enevole opened this issue 4 years ago • 3 comments

I'm having an issue with the global wildcard ruleset overwriting the specific ruleset for a given endpoint. Is this a case where I can't have both options at the same time, so that if we want specific rules for specific endpoints, we need to apply to each and every one?

  // IP Rate limiting
  "IpRateLimiting": {
    "EnableEndpointRateLimiting": true,
    "StackBlockedRequests": false,
    "RealIpHeader": "CF-Connecting-IP",
    "ClientIdHeader": "ClientIdHeader",
    "HttpStatusCode": 429,
    "IpWhitelist": [ "127.0.0.1", "::1/10", "192.168.0.0/24", "172.31.71.0/16" ], // SHOULD BE:
    "EndpointWhitelist": [ "get:/api/license", "*:/api/status" ],
    "ClientWhitelist": [ "" ], //"dev-id-1", "dev-id-2"
    "GeneralRules": [
      // Login limit
      {
        "Endpoint": "get:/v1/Auth/create_token",
        "Period": "2m",
        "Limit": 10
      },

      // Open contact point
      {
        "Endpoint": "get:/v1/messaging/message-to-byndle",
        "Period": "1m",
        "Limit": 1
      },

      // Calling notifications every 15 seconds obviously ends up in a lot of queries
      {
        "Endpoint": "get:/v1/notifications/unseen",
        "Period": "12h",
        "Limit": 25000
      },
      {
        "Endpoint": "get:/v1/notifications/latest/15",
        "Period": "12h",
        "Limit": 25000
      },

      // General everything ever fallbacks
      {
        "Endpoint": "*",
        "Period": "1s",
        "Limit": 10
      },
      {
        "Endpoint": "*",
        "Period": "15m",
        "Limit": 1000
      },
      {
        "Endpoint": "*",
        "Period": "12h",
        "Limit": 5000
      }
    ]
  }

GET calls to /v1/notifications/unseen are still being blocked by the 12h 5k limit, and not by the applied 12h 25k limit we have specified for that endpoint.

enevole, Aug 29 '19 10:08

same issue here

Floyddotnet, Nov 30 '20 10:11

Same issue here. Here is a simple example:

options.GeneralRules = new List<RateLimitRule> {

    // Special rule
    new RateLimitRule() {
        Endpoint = "*:/test",
        Period = "1s",
        PeriodTimespan = TimeSpan.FromSeconds(1),
        Limit = 1
    },

    // Fallback
    new RateLimitRule() {
        Endpoint = "*",
        Period = "60s",
        PeriodTimespan = TimeSpan.FromSeconds(60),
        Limit = 60
    }
};

Fallback is always used

lvandyk, Dec 24 '20 09:12

same issue - are we doing something wrong or is this really still the case? seems like the most basic thing...

chaelli, Feb 10 '22 16:02
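
An added example (not part of the thread and not code from AspNetCoreRateLimit): a small audit script that flags endpoint rules whose limit can never take effect. It assumes, without confirmation from this page, that the limiter applies only the lowest `Limit` per `Period` among all rules matching a request, which is consistent with the first report. `matches`, `effective_limits` and `shadowed_rules` are hypothetical helper names, and the rule list is constructed from the first post's configuration.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the GeneralRules from the first post.
RULES = [
    {"Endpoint": "get:/v1/Auth/create_token", "Period": "2m", "Limit": 10},
    {"Endpoint": "get:/v1/notifications/unseen", "Period": "12h", "Limit": 25000},
    {"Endpoint": "*", "Period": "1s", "Limit": 10},
    {"Endpoint": "*", "Period": "15m", "Limit": 1000},
    {"Endpoint": "*", "Period": "12h", "Limit": 5000},
]

def matches(endpoint, verb, path):
    """Match 'verb:path' against a rule Endpoint; '*' stands for any run of characters."""
    pattern = ".*".join(re.escape(part) for part in endpoint.split("*"))
    return re.fullmatch(pattern, f"{verb}:{path}", re.IGNORECASE) is not None

def effective_limits(rules, verb, path):
    """ASSUMED model: per Period string, the matching rule with the lowest Limit wins."""
    by_period = defaultdict(list)
    for rule in rules:
        if matches(rule["Endpoint"], verb, path):
            by_period[rule["Period"]].append(rule)
    return {period: min(group, key=lambda r: r["Limit"])
            for period, group in by_period.items()}

def shadowed_rules(rules, verb, path):
    """Return (losing_rule, winning_rule) pairs for rules that never decide the outcome."""
    winners = effective_limits(rules, verb, path)
    pairs = []
    for rule in rules:
        if matches(rule["Endpoint"], verb, path):
            winner = winners[rule["Period"]]
            if winner is not rule:
                pairs.append((rule, winner))
    return pairs

if __name__ == "__main__":
    for lost, won in shadowed_rules(RULES, "get", "/v1/notifications/unseen"):
        print(f'{lost["Endpoint"]} {lost["Period"]}/{lost["Limit"]} is shadowed by '
              f'{won["Endpoint"]} {won["Period"]}/{won["Limit"]}')
```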