4,817 questions
rate limit is just an api. your code supplies the implementation.
.NET 7 Rate Limit by real IP from Cloudflare?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(137.6, 40%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
AG
521
Reputation points
Hi,
I can see that .NET 7 now support Rate Limiting and I wounder if it support the real IP address of the consumer that Cloudflare is sending with each request in a Header name CF-Connecting-IP ?
Thanks,
AG
Developer technologies | ASP.NET | ASP.NET Core
4 answers
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 61%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EBS%3C/text%3E%3C/svg%3E)
Bruce (SqlWork.com) 77,766 Reputation points Volunteer Moderator2022-10-25T16:33:30.24+00:00 -
AG 521 Reputation points
2022-10-30T12:29:51.373+00:00 Will be much appreciated for a starting point how to "tell" .NET 7 Rate Limiter to take the real IP from CF-Connecting-IP header on each request.
I am currently using https://gist.github.com/jjxtra/3b240b31a1ed3ad783a7dcdb6df12c36 Extension in my other code but I have no starting point how to for .NET 7 Rate Limiter.Thanks,
AG-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 98%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERN%3C/text%3E%3C/svg%3E)
Rena Ni - MSFT 2,066 Reputation points2022-11-03T09:10:20.767+00:00 Hi @AG , for rate limiting, I think you need learn this document:Announcing Rate Limiting for .NET
-
Bruce (SqlWork.com) 77,766 Reputation points Volunteer Moderator
2022-11-03T15:49:27.993+00:00 you give no requirements. you probably want to partition rate limiter, but no idea of how you want to limit:
builder.Services.AddRateLimiter(options => { options.GlobalLimiter = PartitionedRateLimiter.Create<HttpContext, string>(httpContext => RateLimitPartition.GetFixedWindowLimiter( partitionKey: httpContext. GetRemoteIPAddress().ToString(), factory: partition => new FixedWindowRateLimiterOptions { AutoReplenishment = true, PermitLimit = 10, QueueLimit = 0, Window = TimeSpan.FromMinutes(1) })); });note: this is a rather naive implementation, as partitions are never cleaned up, just added. you would probably want a pool of partitons, that the request is assigned to. this requires tracking the activity and assents to the pools
Sign in to comment -
-
AG 521 Reputation points
2022-11-10T10:44:49.72+00:00 I would like to rate limit based on the real IP of the connected client where Cloudflare sends in a Header "CF-Connecting-IP" based on your code I have tried using
httpContext.Request.Headers["CF-Connecting-IP"].ToString()and the Extension method like thishttpContext.GetCloudflareIPAddress().ToString()but when trying to connect using my PC and my other PC with VPN so they are two difference IP's rate limiting is acting like I am arriving from one IP so when IP1 is blocked also IP2 is blocked where IP2 should be free to make requests as it doesn't reached the limit yet.builder.Services.AddRateLimiter(options => { options.RejectionStatusCode = 429; options.GlobalLimiter = PartitionedRateLimiter.Create<HttpContext, string>(httpContext => RateLimitPartition.GetFixedWindowLimiter( //partitionKey: httpContext.Request.Headers["CF-Connecting-IP"].ToString(), partitionKey: httpContext.GetCloudflareIPAddress().ToString(), factory: partition => new FixedWindowRateLimiterOptions { AutoReplenishment = true, PermitLimit = 5, QueueLimit = 0, Window = TimeSpan.FromSeconds(30) })); });I would also like to add policies based rate limiting in order to set them to a specific Controller\Action for example
[EnableRateLimitingAttribute("API")]so I have tried the following code but this is not working like the above problem.builder.Services.AddRateLimiter(options => { options.RejectionStatusCode = 429; options.AddPolicy("API", httpContext => RateLimitPartition.GetFixedWindowLimiter(httpContext.Request.Headers["CF-Connecting-IP"].ToString(), partition => new FixedWindowRateLimiterOptions { AutoReplenishment = true, PermitLimit = 5, Window = TimeSpan.FromSeconds(30) })); }); app.MapControllers().RequireRateLimiting("API");Regards,
AG -
AG 521 Reputation points
2022-11-11T10:44:43.05+00:00 Some more research leads me to the following code for my API MVC.
At Program.cs file:
builder.Services.AddRateLimiter(options => { options.RejectionStatusCode = 429; options.AddPolicy("API", httpContext => RateLimitPartition.GetFixedWindowLimiter(httpContext.Request.Headers["CF-Connecting-IP"].ToString(), partition => new FixedWindowRateLimiterOptions { AutoReplenishment = true, PermitLimit = 5, Window = TimeSpan.FromSeconds(10) })); }); app.UseRateLimiter();At WeatherForecastController.cs files:
[HttpGet] [EnableRateLimiting("API")] public IEnumerable<WeatherForecast> Get() { return Enumerable.Range(1, 5).Select(index => new WeatherForecast { Date = DateTime.Now.AddDays(index), TemperatureC = Random.Shared.Next(-20, 55), Summary = Summaries[Random.Shared.Next(Summaries.Length)] }) .ToArray(); }Regards,
AG