Ram R

Reputation: 57

How to implement API rate limit in asp.net core based on user type

I am currently working on providing an API rate limit based on the IP address of a registered/non-registered user, or on the user type, in an ASP.NET Core Web API (i.e. with or without sign-in in the client application). I have tried to use the AspNetCoreRateLimit package, but I could not update the client ID dynamically from the client application. If we use the dynamic update method, it updates the existing client ID rules, so we could not create new client ID rules for a newly registered user. Can anyone suggest how to overcome this issue, or suggest an alternative way to handle the rate limit in an ASP.NET Core Web API?

Note: The application will be hosted in a Kubernetes cluster. Please let me know whether we can handle this rate limit at the Ingress-controller level.

Upvotes: 4

Views: 7475

Answers (2)

scale_tone

Reputation: 312

With ThrottlingTroll you only need to provide a custom IdentityIdExtractor routine:

app.UseThrottlingTroll(options =>
{
    options.Config = new ThrottlingTrollConfig
    {
        Rules = new[]
        {
            new ThrottlingTrollRule
            {
                LimitMethod = new FixedWindowRateLimitMethod
                {
                    PermitLimit = 3,
                    IntervalInSeconds = 15
                },

                IdentityIdExtractor = (request) =>
                {
                    // Use whatever logic you prefer to extract a client id
                    // from incoming request here. This example uses an api-key
                    return request.IncomingRequest.Query["api-key"];
                }
            }
        }
    };
});

and requests from distinct clients will be counted and rated individually.

Upvotes: 0
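An added example that is not part of the answer above and not ThrottlingTroll's own code: the same per-client idea implemented with the rate-limiting middleware built into ASP.NET Core (.NET 7 and later) instead of ThrottlingTroll. Every request is routed to a partition keyed on the registered user's subject claim, or on the client IP for anonymous callers, so each user type gets its own limit without any per-client rule having to be created in advance. The route `/api/ping`, the permit limits, and the `10.0.0.0/8` network listed in `KnownNetworks` are assumptions; authentication scheme setup is assumed to exist and is omitted.

```csharp
// Added example: built-in ASP.NET Core rate limiting partitioned by user type.
// Not code from the answer above or from the ThrottlingTroll project.
using System.Net;
using System.Security.Claims;
using System.Threading.RateLimiting;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.AspNetCore.RateLimiting;

var builder = WebApplication.CreateBuilder(args);

// Authentication scheme configuration (JWT bearer, cookies, ...) is assumed
// to live here; it is omitted because it does not affect the limiter itself.
builder.Services.AddAuthentication();

builder.Services.AddRateLimiter(options =>
{
    // Answer 429 instead of the default 503 so clients can tell "slow down"
    // apart from "backend unavailable".
    options.RejectionStatusCode = StatusCodes.Status429TooManyRequests;

    // The partition key decides which limiter instance counts a request, so
    // each registered user and each anonymous IP gets its own fixed window.
    options.GlobalLimiter = PartitionedRateLimiter.Create<HttpContext, string>(context =>
    {
        var user = context.User;

        if (user.Identity?.IsAuthenticated == true)
        {
            // Registered user: key on the stable subject identifier claim
            // (never a display name) and grant the larger budget.
            var userId = user.FindFirst(ClaimTypes.NameIdentifier)?.Value ?? "unknown-user";
            return RateLimitPartition.GetFixedWindowLimiter(
                partitionKey: $"user:{userId}",
                factory: _ => new FixedWindowRateLimiterOptions
                {
                    PermitLimit = 100,                 // assumed budget
                    Window = TimeSpan.FromMinutes(1),
                    QueueLimit = 0                     // reject, do not queue
                });
        }

        // Anonymous caller: key on the client IP. This is only meaningful when
        // the real client address reaches the app (see UseForwardedHeaders);
        // otherwise every anonymous request shares the ingress pod's IP.
        var ip = context.Connection.RemoteIpAddress?.ToString() ?? "unknown-ip";
        return RateLimitPartition.GetFixedWindowLimiter(
            partitionKey: $"anon:{ip}",
            factory: _ => new FixedWindowRateLimiterOptions
            {
                PermitLimit = 10,                      // assumed budget
                Window = TimeSpan.FromMinutes(1),
                QueueLimit = 0
            });
    });

    // Tell rejected clients when the window resets.
    options.OnRejected = (context, _) =>
    {
        context.HttpContext.Response.Headers.RetryAfter = "60";
        return ValueTask.CompletedTask;
    };
});

var app = builder.Build();

// Behind an ingress, RemoteIpAddress is the proxy's address. Honour
// X-Forwarded-For only from the ingress controller's own network; trusting
// every proxy would let a client choose its own partition key by spoofing
// the header. 10.0.0.0/8 is a placeholder for the cluster CIDR.
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
    ForwardedHeaders = ForwardedHeaders.XForwardedFor,
    KnownNetworks =
    {
        new Microsoft.AspNetCore.HttpOverrides.IPNetwork(IPAddress.Parse("10.0.0.0"), 8)
    }
});

// Order matters: the limiter reads context.User, so authentication must
// already have run when it executes.
app.UseAuthentication();
app.UseRateLimiter();

app.MapGet("/api/ping", () => Results.Ok(new { ok = true }));

app.Run();
```

Because the partition is computed per request, a user who registers mid-session simply starts landing in a `user:` partition on their next authenticated call; no rule list has to be updated. The fixed-window state lives in process memory, so with several replicas behind the ingress each pod enforces its own count and the effective limit is roughly the configured value times the replica count.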

Jakub

Reputation: 8830

I don't know how to do it with ASP.NET Core, but as mentioned in the docs below, you should be able to do that at the ingress level.

Kubernetes ingress

There is documentation about that in kubernetes ingress.

Rate limiting

These annotations define limits on connections and transmission rates. These can be used to mitigate DDoS Attacks.

nginx.ingress.kubernetes.io/limit-connections: number of concurrent connections allowed from a single IP address. A 503 error is returned when exceeding this limit.

nginx.ingress.kubernetes.io/limit-rps: number of requests accepted from a given IP each second. The burst limit is set to 5 times the limit. When clients exceed this limit, limit-req-status-code default: 503 is returned.

nginx.ingress.kubernetes.io/limit-rpm: number of requests accepted from a given IP each minute. The burst limit is set to 5 times the limit. When clients exceed this limit, limit-req-status-code default: 503 is returned.

nginx.ingress.kubernetes.io/limit-rate-after: initial number of kilobytes after which the further transmission of a response to a given connection will be rate limited. This feature must be used with proxy-buffering enabled.

nginx.ingress.kubernetes.io/limit-rate: number of kilobytes per second allowed to send to a given connection. The zero value disables rate limiting. This feature must be used with proxy-buffering enabled.

nginx.ingress.kubernetes.io/limit-whitelist: client IP source ranges to be excluded from rate-limiting. The value is a comma separated list of CIDRs. If you specify multiple annotations in a single Ingress rule, limits are applied in the order limit-connections, limit-rpm, limit-rps.

To configure settings globally for all Ingress rules, the limit-rate-after and limit-rate values may be set in the NGINX ConfigMap. The value set in an Ingress annotation will override the global setting.

The client IP address will be set based on the use of PROXY protocol or from the X-Forwarded-For header value when use-forwarded-headers is enabled.

There is a Medium tutorial about Rate-limiting for your Kubernetes applications with kubernetes ingress.


Nginx ingress

There is documentation about that in nginx ingress.


If you're confused about why I mentioned both kubernetes and nginx ingress, take a look here:

There are two popular Kubernetes Ingress controllers that use NGINX – both are open source and hosted on GitHub. One is maintained by the Kubernetes open source community (kubernetes/ingress-nginx on GitHub) and one is maintained by NGINX, Inc. (nginxinc/kubernetes-ingress on GitHub)


Hope you find this useful.

Upvotes: 1
