From 948aab91fc249c248b85be5107e2993828621b19 Mon Sep 17 00:00:00 2001
From: Stefan Prodan
Date: Sun, 8 Dec 2013 13:16:04 +0200
Subject: [PATCH 1/3] Create README.md
---
 README.md | 109 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 109 insertions(+)
 create mode 100644 README.md
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..f9c839f
--- /dev/null
+++ b/README.md
@@ -0,0 +1,109 @@
+WebApiThrottle
+==============
+
+ASP.NET Web API Throttling handler is designed for controlling the rate of requests that clients
+can make to an Web API based on IP address, client API key and request route.
+
+Web API throttling can be configured using the built-in ThrottlePolicy, you can set multiple limits
+for different scenarios like allowing an IP or Client to make a maximum number of calls per second, per minute, per hour or even per day.
+You can define these limits to address all requests made to an API or you can scope the limits to each API route.
+
+###Global throttling based on IP
+
+The setup bellow will limit the number of requests originated from the same IP.
+If from the same IP, in same second, you'll make a call to api/values and api/values/1 the last call will get blocked.
+
+``` cs
+public static class WebApiConfig
+{
+ public static void Register(HttpConfiguration config)
+ {
+ config.MessageHandlers.Add(new ThrottlingHandler()
+ {
+ Policy = new ThrottlePolicy(perSecond: 1, perMinute: 20, perHour: 200, perDay: 1500)
+ {
+ IpThrottling = true
+ },
+ Repository = new CacheRepository()
+ });
+ }
+}
+```
+
+###Endpoint throttling based on IP
+
+If from the same IP, in same second, you'll make two calls to api/values the last call will get blocked.
+
+``` cs
+config.MessageHandlers.Add(new ThrottlingHandler()
+{
+ Policy = new ThrottlePolicy(perSecond: 1, perMinute: 30)
+ {
+ IpThrottling = true,
+ EndpointThrottling = true
+ },
+ Repository = new CacheRepository()
+});
+```
+
+###Endpoint throttling based on IP and Client Key
+
+If a client (identified by an unique API key) from the same IP, in same second, makes two calls to api/values, then the last call will get blocked. 
+
+``` cs
+config.MessageHandlers.Add(new ThrottlingHandler()
+{
+ Policy = new ThrottlePolicy(perSecond: 1, perMinute: 30)
+ {
+ IpThrottling = true,
+ ClientThrottling = true,
+ EndpointThrottling = true
+ },
+ Repository = new CacheRepository()
+});
+```
+
+###IP and/or Client Key White-listing
+
+If requests are initiated from an white-listed IP or Client, then the throttling policy will not be applied and the requests will not be stored.
+
+``` cs
+config.MessageHandlers.Add(new ThrottlingHandler()
+{
+ Policy = new ThrottlePolicy(perSecond: 2, perMinute: 60)
+ {
+ IpThrottling = true,
+ IpWhitelist = new List { "::1", "10.0.0.1" },
+ ClientThrottling = true,
+ ClientWhitelist = new List { "admin-key" }
+ },
+ Repository = new CacheRepository()
+});
+```
+
+###IP and/or Client Key custom rate limits
+
+You can define custom limits for known IPs or Client keys, these limits will override the default ones. Be aware that a custom limit will work only if you have defined a global counterpart.
+
+``` cs
+config.MessageHandlers.Add(new ThrottlingHandler()
+{
+ Policy = new ThrottlePolicy(perSecond: 1, perMinute: 20, perHour: 200, perDay: 1500)
+ {
+ IpThrottling = true,
+ IpRules = new Dictionary
+ {
+ { "192.168.0.1", new RateLimits { PerSecond = 2 } },
+ { "192.168.1.2", new RateLimits { PerMinute = 30, PerHour = 30*60, PerDay = 30*60*24 } }
+ },
+
+ ClientThrottling = true,
+ ClientRules = new Dictionary
+ {
+ { "api-client-key-1", new RateLimits { PerMinute = 40, PerHour = 400 } },
+ { "api-client-key-9", new RateLimits { PerDay = 5000 } }
+ }
+ },
+ Repository = new CacheRepository()
+});
+```
From 46c1ef61aaeaba4645b1c54254e8c6c84d9992fc Mon Sep 17 00:00:00 2001
From: Stefan Prodan
Date: Sun, 8 Dec 2013 13:18:06 +0200
Subject: [PATCH 2/3] Update README.md
---
 README.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/README.md b/README.md
index f9c839f..aee1474 100644
--- a/README.md
+++ b/README.md
@@ -74,6 +74,7 @@ config.MessageHandlers.Add(new ThrottlingHandler() { IpThrottling = true, IpWhitelist = new List { "::1", "10.0.0.1" }, + ClientThrottling = true, ClientWhitelist = new List { "admin-key" } }, From ee9f2344b2bffa9c170d4cc7858a471568074f9a Mon Sep 17 00:00:00 2001 From: Stefan Prodan Date: Sun, 8 Dec 2013 13:40:57 +0200 Subject: [PATCH 3/3] Update README.md --- README.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index aee1474..8f6d20c 100644 --- a/README.md +++ b/README.md @@ -33,6 +33,7 @@ public static class WebApiConfig ###Endpoint throttling based on IP If from the same IP, in same second, you'll make two calls to api/values the last call will get blocked. +But if in the same second you'll call api/values/1 too, the request will get throw because it's a different route. ``` cs config.MessageHandlers.Add(new ThrottlingHandler() @@ -48,7 +49,8 @@ config.MessageHandlers.Add(new ThrottlingHandler() ###Endpoint throttling based on IP and Client Key -If a client (identified by an unique API key) from the same IP, in same second, makes two calls to api/values, then the last call will get blocked. +If a client (identified by an unique API key) from the same IP, in same second, makes two calls to api/values, then the last call will get blocked. +If you want to apply limits to clients regarding of their IPs then you should set IpThrottling to false. ``` cs config.MessageHandlers.Add(new ThrottlingHandler() @@ -65,7 +67,7 @@ config.MessageHandlers.Add(new ThrottlingHandler() ###IP and/or Client Key White-listing -If requests are initiated from an white-listed IP or Client, then the throttling policy will not be applied and the requests will not be stored. +If requests are initiated from an white-listed IP or Client, then the throttling policy will not be applied and the requests will not get stored. ``` cs config.MessageHandlers.Add(new ThrottlingHandler() 
@@ -84,7 +86,7 @@ config.MessageHandlers.Add(new ThrottlingHandler() ###IP and/or Client Key custom rate limits -You can define custom limits for known IPs or Client keys, these limits will override the default ones. Be aware that a custom limit will work only if you have defined a global counterpart. +You can define custom limits for known IPs or Client Keys, these limits will override the default ones. Be aware that a custom limit will work only if you have defined a global counterpart. ``` cs config.MessageHandlers.Add(new ThrottlingHandler() @@ -102,7 +104,7 @@ config.MessageHandlers.Add(new ThrottlingHandler() ClientRules = new Dictionary { { "api-client-key-1", new RateLimits { PerMinute = 40, PerHour = 400 } }, - { "api-client-key-9", new RateLimits { PerDay = 5000 } } + { "api-client-key-9", new RateLimits { PerDay = 2000 } } } }, Repository = new CacheRepository()