Client rate limit by body parameter with multiple values. #355

Open: wants to merge 4 commits into base: master

@mstfcck mstfcck commented Aug 10, 2022

We use AspNetCoreRateLimit in our projects. Everything was pretty good until now.

We need additional features for that package as below:

- We should apply rate limit rules for clients by requesting body parameters.
- The rule must belong to a specific endpoint.
- That could be stored in Redis and be changeable dynamically at any time.

I have developed a draft and here are my updates:

- I have used ValidationAttribute to reach the related property and values, and created a custom validation attribute called ClientRateLimitAttribute.
- The rest of the code is similar to RateLimitProcessor.

Config as below:

Now we have "EnableBodyParameter" and "BodyParameters" configs.

  "ClientRateLimitPolicies": {
    "ClientRules": [
      {
        "ClientId": "cl-key-0",
        "Rules": [
          {
            "Endpoint": "*",
            "Period": "1s",
            "Limit": 10
          },
          {
            "Endpoint": "get:/api/clients",
            "Period": "1m",
            "Limit": 2
          },
          {
            "Endpoint": "put:/api/clients",
            "Period": "5m",
            "Limit": 2
          },
          {
            "Endpoint": "post:/api/clients",
            "Period": "1m",
            "Limit": 7,
            "EnableBodyParameter": true,
            "BodyParameters": [
              {
                "ParameterName": "value",
                "ParameterValues": ["abc", "xyz"],
                "Period": "1m",
                "Limit": 3
              },
              {
                "ParameterName": "value",
                "ParameterValues": ["qwe", "rty"],
                "Period": "1m",
                "Limit": 5
              }
            ]
          }
        ]
      }
    ]
  }

That code works like this now, but I know I can improve it more. Before doing that, I would like to ask: would you support this? And what are your suggestions?

NOTE: I wanted to share the changes as a PR, just for review.

@mstfcck changed the title from "Body parameter" to "Client rate limit by body parameter with multiple values." on Aug 10, 2022
@mstfcck marked this pull request as ready for review August 10, 2022 08:52

@MarkCiliaVincenti
Contributor

In fact there is no X-Forwarded-For support in general. Created an issue about it at #412

@chaosifier

I ended up using a middleware as a workaround.

app.Use(async (context, next) =>
{
    string xfwdheader = "X-Forwarded-For";
    string realipheader = "X-Real-IP";
    // Only act when X-Forwarded-For is present and X-Real-IP has not been set already.
    if (context.Request.Headers.ContainsKey(xfwdheader) && !context.Request.Headers.ContainsKey(realipheader))
    {
        // The header holds a comma-separated trail of addresses.
        var originatingAddressTrail = context.Request.Headers[xfwdheader].ToString();
        var parts = originatingAddressTrail.Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
        if (parts.Length > 0) {
            // Copy the first (leftmost) entry into X-Real-IP.
            var clientIp = parts[0].Trim();
            context.Request.Headers.Append(realipheader, new Microsoft.Extensions.Primitives.StringValues(clientIp));
        }
    }
    await next.Invoke();
});
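
A hardened variant of the workaround above, as an added example that is not part of the original comment or the project's code. The leftmost X-Forwarded-For entry and any incoming X-Real-IP are client-controlled, so this version honours the trail only when the TCP peer is a known proxy and always overwrites the header the workaround populates. `TrustedRealIp`, `UseTrustedRealIp` and the proxy addresses are hypothetical names and constructed values.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using Microsoft.AspNetCore.Builder;

public static class TrustedRealIp
{
    // Assumption: addresses of your own reverse proxies (constructed sample values).
    private static readonly HashSet<IPAddress> TrustedProxies = new()
    {
        IPAddress.Parse("10.0.0.5"),
        IPAddress.Parse("10.0.0.6"),
    };

    // Dual-stack sockets report IPv4 peers as ::ffff:a.b.c.d; compare them as IPv4.
    private static IPAddress Normalize(IPAddress ip) =>
        ip.IsIPv4MappedToIPv6 ? ip.MapToIPv4() : ip;

    // Returns the address to rate limit on. X-Forwarded-For is honoured only when the
    // TCP peer is a trusted proxy; the trail is then read right to left, because each
    // proxy appends the peer it saw and everything further left is client-supplied.
    public static IPAddress? Resolve(IPAddress? peer, string forwardedFor)
    {
        if (peer is null) return null;
        var candidate = Normalize(peer);
        if (!TrustedProxies.Contains(candidate)) return candidate; // direct client

        var hops = forwardedFor.Split(',', StringSplitOptions.RemoveEmptyEntries);
        for (var i = hops.Length - 1; i >= 0; i--)
        {
            if (!IPAddress.TryParse(hops[i].Trim(), out var hop)) break; // malformed: stop
            candidate = Normalize(hop);
            if (!TrustedProxies.Contains(candidate)) break; // first hop we do not control
        }
        return candidate;
    }

    public static IApplicationBuilder UseTrustedRealIp(this IApplicationBuilder app) =>
        app.Use(async (context, next) =>
        {
            var client = Resolve(context.Connection.RemoteIpAddress,
                                 context.Request.Headers["X-Forwarded-For"].ToString());
            // Replace, never append: a client-sent X-Real-IP must not reach the limiter.
            context.Request.Headers.Remove("X-Real-IP");
            if (client is not null)
                context.Request.Headers["X-Real-IP"] = client.ToString();
            await next.Invoke();
        });
}
```

Register it with `app.UseTrustedRealIp();` before the rate limiting middleware so the limiter sees the rewritten header.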
