Comments (7)

RussellLuo commented on August 9, 2024

Per the doc of Preflighted requests:

Unlike “simple requests” (discussed above), for "preflighted" requests the browser first sends an HTTP request using the OPTIONS method to the resource on the other origin, in order to determine if the actual request is safe to send.

So if the OPTIONS request is limited, then you will encounter a CORS error. Try to just limit the actual request by using the method matcher.

from caddy-ext.

RussellLuo commented on August 9, 2024

@swapnil2525kangralkar With the Caddyfile you provided, I got the corresponding config in JSON as below:

{
  "apps": {
    "http": {
      "servers": {
        "srv0": {
          "routes": [
            {
              "handle": [
                {
                  "routes": [
                    {
                      "handle": [
                        {
                          "rate": "50r/m", 
                          "handler": "rate_limit", 
                          "key": "{remote.ip}"
                        }
                      ]
                    }, 
                    {
                      "handle": [
                        {
                          "status_code": 200, 
                          "handler": "static_response"
                        }
                      ]
                    }
                  ], 
                  "handler": "subroute"
                }
              ], 
              "match": [
                {
                  "path": [
                    "/v1/graphql"
                  ]
                }
              ]
            }, 
            {
              "handle": [
                {
                  "handler": "reverse_proxy", 
                  "upstreams": [
                    {
                      "dial": "graphql-engine:8080"
                    }
                  ]
                }
              ]
            }
          ], 
          "listen": [
            ":8080"
          ]
        }
      }
    }
  }
}

By changing the rate to 5r/m, rate_limit is confirmed to be effective for me:

$ curl -w "%{http_code}" 'http://localhost:8080/v1/graphql' 
200
$ curl -w "%{http_code}" 'http://localhost:8080/v1/graphql' 
200
$ curl -w "%{http_code}" 'http://localhost:8080/v1/graphql' 
200
$ curl -w "%{http_code}" 'http://localhost:8080/v1/graphql' 
200
$ curl -w "%{http_code}" 'http://localhost:8080/v1/graphql' 
200
$ curl -w "%{http_code}" 'http://localhost:8080/v1/graphql' 
429

swapnil2525kangralkar commented on August 9, 2024

Thanks @RussellLuo,
Checked - working on curl on my side also.
I will recheck all configs why it is not working on browser.
Might be some other issue.
For now closing will update if anything related.

RussellLuo commented on August 9, 2024

I am trying to limit /v1/graphql with ip but I am getting CORS error.
If route /v1 is used no error but api limit does not work.

CORS is a browser-related mechanism, see here for details.

I guess that you have configured CORS headers for upstream graphql-engine:8080, but not for /v1/graphql. Try this Caddyfile instead:

:8080 {
  reverse_proxy graphql-engine:8080
  route /v1/graphql {
    rate_limit {remote.ip} 50r/m

    # CORS headers
    header Access-Control-Allow-Origin *
    header Access-Control-Allow-Methods GET
    header Access-Control-Allow-Credentials true

    respond 200
  }
}

swapnil2525kangralkar commented on August 9, 2024

For anyone who needs to set up Hasura GraphQL and Caddy 2.0 with the ratelimit ext (docker-compose).

  • Default: 120r/min for IP address.
  • Custom Caddy 2.0 Docker image with Caddy extension.

GitHub: https://github.com/swapnil2525kangralkar/caddy_hasura_ratelimit

ermiaqasemi commented on August 9, 2024

I also get a CORS error when the limit happens. Actually, the first 100 requests are OK until the user reaches the rate limit, and it shows a CORS error. Any idea?

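Added example (not code from this thread or from caddy-ext): a small Go model of the two symptoms discussed above, a limiter that also counts OPTIONS preflights, and a 429 sent without CORS headers, which a browser reports as a CORS error rather than a rate-limit response. The names `limited` and `browserSees`, the origin value and the single-window counter are assumptions for illustration; the browser check is simplified to the `Access-Control-Allow-Origin` header and the preflight status.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
)

const acao, origin = "Access-Control-Allow-Origin", "https://app.example" // origin is constructed

// limited models `rate_limit {remote.ip} <max>r/m` for a single window; it is an
// assumed counter for illustration, not caddy-ext's implementation.
func limited(max int, fixed bool) http.Handler {
	hits := map[string]int{} // per-IP counter; demo only, no locking or window reset
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if fixed { // fix: CORS header set before the limiter, OPTIONS never counted
			w.Header().Set(acao, origin)
			if r.Method == http.MethodOptions {
				return // preflight answered (implicit 200) without using the budget
			}
		}
		ip, _, _ := net.SplitHostPort(r.RemoteAddr)
		if hits[ip]++; hits[ip] > max {
			w.WriteHeader(http.StatusTooManyRequests) // bare 429 when fixed is false
			return
		}
		w.Header().Set(acao, origin) // the upstream's own CORS header on success
	})
}

// browserSees mimics one cross-origin POST: preflight, then the real request.
// A failed preflight or a response without the CORS header is hidden from page JS.
func browserSees(h http.Handler) string {
	code := 0
	for _, m := range []string{"OPTIONS", "POST"} {
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, httptest.NewRequest(m, "/v1/graphql", nil))
		if code = rec.Code; rec.Header().Get(acao) != origin || (m == "OPTIONS" && code > 299) {
			return "CORS error"
		}
	}
	return fmt.Sprint(code)
}

func main() {
	for bad, good, i := limited(5, false), limited(5, true), 1; i <= 6; i++ {
		fmt.Println(i, "limit all:", browserSees(bad), "| fixed:", browserSees(good))
	}
}
```

With a budget of 5, the variant that counts every method gives the page only two successful calls before it starts seeing CORS errors, while the fixed variant gives five and then a readable 429.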
