C#/.net>> request-limit-net-core>> 返回
项目作者: vitorm04

项目描述 :
.NET Core - Request Limit Control
高级语言: C#
项目地址: git://github.com/vitorm04/request-limit-net-core.git
创建时间: 2021-04-01T02:33:52Z
项目社区:https://github.com/vitorm04/request-limit-net-core
开源协议:
下载


.NET Core - Request Limit Control

Reports are very common in any system and some of them can be very heavy to process. Therefore, in this case, the application may be degraded during the generation of the report, affecting other users. But, how can we avoid this? The first thought would be to block the bottom, right? Um, but it is so easy to hack, the user can just edit the html props and enable it again. Therefore, the best option is to block it on the server side, using some request limit control strategy.

Solution - AspNetCoreRateLimit

AspNetCoreRateLimit is a library that can help us with requisition control. You can define rules to decide how many times a client can call the resource over a period of time.

But how does it work?

AspNetCoreRateLimit uses the MemoryCache solution to save information about client requests. For example, a client can only make 10 requests in a 5-second interval for a specific endpoint. Thus, each request will be saved in memory cache and if the client exceeds this limit, the application will stop the request and return an http error status.

Implementation

First of all, we need to install the library AspNetCoreRateLimit

Configuring

The best option to configure AspNetCoreRateLimit is to define all the information within appsettings.json. So, we will create a block like this:

  1. "IpRateLimiting": {
  2.     "EnableEndpointRateLimiting": true,
  3.     "StackBlockedRequests": false,
  4.     "RealIpHeader": "X-Real-IP",
  5.     "ClientIdHeader": "X-ClientId",
  6.     "HttpStatusCode": 429, 
  7.     "GeneralRules": [
  8.       {
  9.         "Endpoint": "*/api/test", 
  10.         "Period": "2s", //interval
  11.         "Limit": 2 //limit of request in the interval
  12.       }
  13.     ]
  14.   },

With our rules configurated, we need to add few lines in Startup.cs:

  1.  public void ConfigureServices(IServiceCollection services)
  2.  {
  3.       services.AddOptions();
  4.       //AspNetCoreRateLimit uses MemoryCache to control the numbers of requests
  5.       services.AddMemoryCache();
  7.        //Adding AspNetCoreRateLimit rules
  8.       services.Configure<IpRateLimitOptions>(Configuration.GetSection("IpRateLimiting"));
  10.       //Adding the store
  11.       services.AddSingleton<IIpPolicyStore, MemoryCacheIpPolicyStore>();
  13.       //Adding the request counter
  14.       services.AddSingleton<IRateLimitCounterStore, MemoryCacheRateLimitCounterStore>();
  15.       services.AddSingleton<IRateLimitConfiguration, RateLimitConfiguration>();
  16.       services.AddHttpContextAccessor();
  17.       services.AddControllers();
  18.       services.AddSingleton<IRateLimitConfiguration, RateLimitConfiguration>();
  19.       services.AddSwaggerGen(c =>
  20.       {
  21.           c.SwaggerDoc("v1", new OpenApiInfo { Title = "RequestLimit", Version = "v1" });
  22.       });
  23. }

And the final step is to activate the service:

  1. public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
  2. {
  3.     if (env.IsDevelopment())
  4.     {
  5.         app.UseDeveloperExceptionPage();
  6.         app.UseSwagger();
  7.         app.UseSwaggerUI(c => c.SwaggerEndpoint("/swagger/v1/swagger.json", "RequestLimit v1"));
  8.     }
  10.     app.UseHttpsRedirection();
  12.     app.UseRouting();
  13.     app.UseIpRateLimiting() //Adding this block;
  14.     app.UseAuthorization();
  16.     app.UseEndpoints(endpoints =>
  17.     {
  18.         endpoints.MapControllers();
  19.     });
  20. }

And it’s done, now our api has a request control. You can customize your configuration to follow specifics rules, all the options are listed here:
https://github.com/stefanprodan/AspNetCoreRateLimit