ClientRules does not overwrite GeneralRules about aspnetcoreratelimit HOT 17 OPEN

@roycornelissen, please find the gist
https://gist.github.com/r4nc1d/f01e4594917843189299eed98f5043e2

For simplicity i just used RedisCache, that way I could just used the AbsoluteExpirationRelativeToNow,
The key will get removed automatically once set time has expired.

from aspnetcoreratelimit.

"Endpoint": "" is not a valid entry, you have to specify "*". Please use code blocks when posting the config, github will strip some characters.

from aspnetcoreratelimit.

Paste error

"ClientRateLimiting": {
    "EnableEndpointRateLimiting": false,
    "StackBlockedRequests": false,
    "ClientIdHeader": "X-ClientId",
    "HttpStatusCode": 429,
    //"EndpointWhitelist": [ "get:/api/license", "*:/api/status" ],
    //"ClientWhitelist": [ "cid123" ],
    "ClientRules": [
      {
        "ClientId": "cid123",
        "Rules": [
          {
            "Endpoint": "*",
            "Period": "1h",
            "Limit": 100
          }
        ]
      }
    ],
    "GeneralRules": [
      {
        "Endpoint": "*",
        "Period": "1s",
        "Limit": 2
      },
      {
        "Endpoint": "*",
        "Period": "1h",
        "Limit": 5
      }
    ]
  }

from aspnetcoreratelimit.

When you tested this what limit did you hit? The 2/sec?

from aspnetcoreratelimit.

from aspnetcoreratelimit.

Good morning. I continue to receive rules problems.
I defined one generic rule like this:

{
        "Endpoint": "*",
        "Period": "1h",
        "Limit": 1000
}

and one custom rule like this:

{
        "Endpoint": "GET:/api/users/recovery",
        "Period": "1h",
        "Limit": 5
}

but custom rule does not be apply.

from aspnetcoreratelimit.

I also have same problem. IpRateLimitPolicies does not overwrite GeneralRules in Runtime
in appsettings:

"IpRateLimiting": {
    "EnableEndpointRateLimiting": false,
    "StackBlockedRequests": false,
    "RealIpHeader": "X-Real-IP",
    "ClientIdHeader": "X-ClientId",
    "HttpStatusCode": 429,
    "IpWhitelist": [],
    "EndpointWhitelist": [ "get:/api/license", "*:/api/status" ],
    "ClientWhitelist": [ "dev-id-1", "dev-id-2" ],
    "GeneralRules": [
      {
        "Endpoint": "*",
        "Period": "1s",
        "Limit": 1
      }
    ]
  }

and in my controller:

[AcceptVerbs("POST", "PUT", "PATCH", "GET")]
        public async Task<bool> Get()
        {            
            var pol = await _ipPolicyStore.GetAsync(_options.IpPolicyPrefix);
            var ip = _accessor.HttpContext.Connection.RemoteIpAddress.ToString();

            if (!_rules.IpRules.ContainsKey(ip))
            {
                _rules.IpRules.Add(ip, true);
                pol.IpRules.Add(new IpRateLimitPolicy
                {
                    Ip = ip,
                    Rules = new List<RateLimitRule>(new RateLimitRule[] {
                        new RateLimitRule {
                        Endpoint = "*:/api/Default",
                        Period = "10s",
                        Limit = 1}
                    })
                });

                await _ipPolicyStore.SetAsync(_options.IpPolicyPrefix, pol);
                await _ipPolicyStore.SeedAsync();
            }

            return await Task.FromResult(true);
        }

in next request it shows that _ipPolicyStore was updated but it does not overwrite the GeneralRules

from aspnetcoreratelimit.

@stefanprodan Hello, do you have any update for this issue?

from aspnetcoreratelimit.

@stefanprodan I am also facing same issue, custom rules are not applying? Can you add a snapshot of appsetting.json to amke sure I am not doing anything wrong?

@matteoventuri7 Were you able to fix the issue?
Thanks,
Shubham

from aspnetcoreratelimit.

@stefanprodan I have the same issue, ClientRules does not overwrite GeneralRules
Is this something that you will be fixing any time soon.

Are there any work around?

from aspnetcoreratelimit.

Same problem here... I'd like to define general strict limits for any clientId and ones that do not send a ClientId header at all, but for a very specific client, I'd like to set other rules that are more lenient. But they don't seem to build on top of each other. If there's a way to do this, I'd love to know.

@r4nc1d did you work out a solution?

from aspnetcoreratelimit.

@roycornelissen unfortunately not, but i did end up rolling out my own. I am happy to share it with you. It is a very slim down version tho.

from aspnetcoreratelimit.

@r4nc1d sure, I'd love to see what you have made; I need a relatively small scenario too, so perhaps your implementation could help. Do you have gist you can share or maybe you can DM me on Twitter? @roycornelissen is my Twitter handle too. Thanks!

from aspnetcoreratelimit.

@r4nc1d thanks a lot!

from aspnetcoreratelimit.

No sure, I had also some trouble. By adding the line:

PeriodTimespan = new TimeSpan(0,0,10)

while creating the rule from code with this property, it suddenly worked on my end.

Rules = new List<RateLimitRule>(new RateLimitRule[] {
                        new RateLimitRule {
                        Endpoint = "*:/api/Default",
                        PeriodTimespan = new TimeSpan(0,0,10), ///!!! important without this line it did not work
                        Period = "10s",
                        Limit = 1}
                    })

from aspnetcoreratelimit.

I am also facing the same issue. The general rule value is not update properly during the run time. Please let me know if i missed any things from my end. Find the code below,
var clPolicy = new ClientRateLimitPolicy() { ClientId = "client-id-2" }; clPolicy.Rules.Add(new RateLimitRule { Endpoint = "get:/default/*", Limit = 10, PeriodTimespan = new TimeSpan(0, 10, 0), Period = "10m" }); _clientPolicyStore.SetAsync("client-id-2", clPolicy); _clientPolicyStore.SeedAsync();

from aspnetcoreratelimit.

Try changing:

"ClientRateLimiting": {
    "EnableEndpointRateLimiting": false,

to

"ClientRateLimiting": {
    "EnableEndpointRateLimiting": true,

from aspnetcoreratelimit.