Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Rate limit rules based on whether or not a request is to an endpoint that needs authentication
See original GitHub issueHello,
I was wondering if I could get some help with/pointers for implementing rate limiting based on whether or not a request is hitting an api endpoint that needs authentication?
I thought I could add a GeneralRules section to my appsettings.json file, where I start off with with the first rule targeting * and then get more specific, and override it, but it doesnt seem to work :
{
"Endpoint": "*",
"Period": "1h",
"Limit": 60
},
{
"Endpoint": "*:/my-non-authenticated-endpoint",
"Period": "1h",
"Limit": 120
},
So that by default all my endpoints except for my-non-authenticated-endpoint would have the first rule, and my-non-authenticated-endpoint would have my second rule, but it doesnt seem to work that way? or do I have bad rules? I’m going off of IpRateLimiting with Redis, if it makes a difference.
Issue Analytics
- State:
- Created 3 years ago
- Comments:5
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Sorry, i was being dense. I got what I needed by using
app.UseWhen(x => x.User.Identity.IsAuthenticated, builder => builder.UseClientRateLimiting());app.UseWhen(x => !x.User.Identity.IsAuthenticated, builder => app.UseIpRateLimiting());and configuring both
ClientRateLimitingandIpRateLimitingsettings in my appSettings.json file@dupuis2387 d Did you explored if there any way to override
ResolveClientAsync(HttpContext httpContext)to use custom-client-id or ip-address based on a if-else condition?