Home

AspNetCoreRateLimit

AspNetCoreRateLimit is an ASP.NET Core rate limiting solution designed to control the rate of requests that clients can make to a Web API or MVC app based on IP address or client ID. The AspNetCoreRateLimit NuGet package contains an IpRateLimitMiddleware and a ClientRateLimitMiddleware, with each middleware you can set multiple limits for different scenarios like allowing an IP or Client to make a maximum number of calls in a time interval like per second, 15 minutes, etc. You can define these limits to address all requests made to an API or you can scope the limits to each API URL or HTTP verb and path.

AspNetCoreRateLimit targets both netstandard2.0 & netcoreapp3.1. The package has the following dependencies:

.NETCoreApp 3.1
Microsoft.Extensions.Caching.Abstractions (>= 3.1.9)
Microsoft.Extensions.Logging.Abstractions (>= 3.1.9)
Microsoft.Extensions.Options (>= 3.1.9)
Newtonsoft.Json (>= 13.0.1)

.NETStandard 2.0
Microsoft.AspNetCore.Http.Abstractions (>= 2.1.0)
Microsoft.Extensions.Caching.Abstractions (>= 2.1.0)
Microsoft.Extensions.Logging.Abstractions (>= 2.1.0)
Microsoft.Extensions.Options (>= 2.1.0)
Newtonsoft.Json (>= 13.0.1)

.NET 5.0
Microsoft.Extensions.Caching.Abstractions (>= 5.0.0)
Microsoft.Extensions.Logging.Abstractions (>= 5.0.0)
Microsoft.Extensions.Options (>= 5.0.0)
Newtonsoft.Json (>= 13.0.1)

Version 4.0.0 Breaking Changes - TODO

Version 3.0.0 Breaking Changes

Rate limiting based on client IP

• Setup and configuration
• Defining rate limit rules
• Behavior
• Update rate limits at runtime

Rate limiting based on client ID

• Setup and configuration
• Defining rate limit rules
• Behavior
• Update rate limits at runtime

Advanced configuration

• IP / ClientId Resolve Contributors
• Quota Exceeded Response Customization
• Using Redis as a distributed counter store