DriveM.RateLimit.Core
1.2.0
dotnet add package DriveM.RateLimit.Core --version 1.2.0
NuGet\Install-Package DriveM.RateLimit.Core -Version 1.2.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="DriveM.RateLimit.Core" Version="1.2.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
<PackageVersion Include="DriveM.RateLimit.Core" Version="1.2.0" />
<PackageReference Include="DriveM.RateLimit.Core" />
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.
paket add DriveM.RateLimit.Core --version 1.2.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
#r "nuget: DriveM.RateLimit.Core, 1.2.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
#addin nuget:?package=DriveM.RateLimit.Core&version=1.2.0
#tool nuget:?package=DriveM.RateLimit.Core&version=1.2.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
RateLimit.Core
A reusable rate limiting library for .NET 8 microservices. This library provides flexible and configurable rate limiting functionality that can be easily integrated into any ASP.NET Core application.
Features
- Method-level rate limiting using attributes
- Global rate limiting for the entire application
- Multiple client identifier strategies (IP address, IP+Path, User ID, Custom header)
- Customizable headers for rate limit information
- Distributed cache support for scalable deployments
- Simple integration with dependency injection
- Configuration from appsettings.json or code
Installation
dotnet add package DriveM.RateLimit.Core
Quick Start
- Register rate limiting services in your
Program.csfile using one of two methods:
Option 1: Configure in code
// Add rate limiting services with code configuration
builder.Services.AddRateLimiting(options =>
{
// Configure global rate limiting
options.EnableGlobalRateLimiting = true;
options.DefaultMaxRequests = 100; // 100 requests
options.DefaultTimeWindowInSeconds = 60; // per minute
// Configure client identification method for global rate limiting
options.GlobalClientResolverStrategy = ClientResolverStrategy.IpAddress;
});
Option 2: Configure from appsettings.json
Add a RateLimit section to your appsettings.json:
{
"RateLimit": {
"EnableGlobalRateLimiting": true,
"DefaultMaxRequests": 100,
"DefaultTimeWindowInSeconds": 60,
"GlobalClientResolverStrategy": "IpAddress",
"StatusCode": 429,
"IncludeRateLimitHeaders": true,
"RateLimitHeader": "X-RateLimit-Limit",
"RateLimitRemainingHeader": "X-RateLimit-Remaining",
"ClientIdentifierHeader": "X-ClientId"
}
}
Then register the services using the configuration:
// Add rate limiting services from configuration
builder.Services.AddRateLimiting(builder.Configuration);
// Or specify a custom section name
// builder.Services.AddRateLimiting(builder.Configuration, "CustomRateLimitSection");
- Add the middleware to your application pipeline:
// Add rate limiting middleware - place before endpoints/controllers
app.UseRateLimiting();
app.MapControllers();
- Apply rate limiting to specific controller actions:
[HttpGet]
[RateLimit(MaxRequests = 5, TimeWindowInSeconds = 60)] // 5 requests per minute
public IActionResult Get()
{
return Ok("Rate limited endpoint");
}
Advanced Configuration
Global Settings and Attribute Inheritance
You can configure global rate limit settings and then selectively override them at the endpoint level. Values that are not explicitly specified in the attribute will be inherited from global settings:
// In Program.cs - set global defaults
builder.Services.AddRateLimiting(options =>
{
options.EnableGlobalRateLimiting = true;
options.DefaultMaxRequests = 100; // 100 requests global default
options.DefaultTimeWindowInSeconds = 60; // 60 second window global default
});
// Endpoint with fully custom settings (ignores global defaults)
[RateLimit(MaxRequests = 5, TimeWindowInSeconds = 30)]
public IActionResult FullyCustom() { ... }
// Endpoint that inherits time window from global, but customizes max requests
[RateLimit(MaxRequests = 5)]
public IActionResult CustomRequestsOnly() { ... } // Uses 5 requests per 60 seconds
// Endpoint that only customizes the client resolver but uses global limits
[RateLimit(ClientResolverStrategy = ClientResolverStrategy.UserId)]
public IActionResult CustomStrategyOnly() { ... } // Uses 100 requests per 60 seconds
// Endpoints without attributes still get global rate limiting (if enabled)
public IActionResult NoAttribute() { ... } // Falls back to global limits
This flexibility allows you to establish baseline limits for your API while fine-tuning specific endpoints as needed.
Client Identification Strategies
The library supports several strategies for identifying clients:
// IP Address only (default)
[RateLimit(MaxRequests = 10, TimeWindowInSeconds = 60, ClientResolverStrategy = ClientResolverStrategy.IpAddress)]
// IP Address + Request Path
[RateLimit(MaxRequests = 5, TimeWindowInSeconds = 30, ClientResolverStrategy = ClientResolverStrategy.IpAndPath)]
// User ID (from claims)
[RateLimit(MaxRequests = 20, TimeWindowInSeconds = 60, ClientResolverStrategy = ClientResolverStrategy.UserId)]
// Custom header
[RateLimit(MaxRequests = 100, TimeWindowInSeconds = 60, ClientResolverStrategy = ClientResolverStrategy.CustomHeader)]
When using CustomHeader, you can specify the header name in options:
services.AddRateLimiting(options =>
{
options.ClientIdentifierHeader = "X-API-Key";
});
Custom Response Headers
services.AddRateLimiting(options =>
{
options.IncludeRateLimitHeaders = true;
options.RateLimitHeader = "X-RateLimit-Limit";
options.RateLimitRemainingHeader = "X-RateLimit-Remaining";
});
Using with Distributed Cache
For scaling across multiple instances, use a distributed cache implementation:
// Add your preferred distributed cache implementation
builder.Services.AddStackExchangeRedisCache(options =>
{
options.Configuration = "localhost:6379";
});
// Register rate limiting services
builder.Services.AddRateLimiting();
Package Creation and Publishing
For detailed instructions on how to create and publish the NuGet package for this library, please refer to the NUGET.md documentation.
License
MIT
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 was computed. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.
-
net8.0
- Microsoft.Extensions.Caching.Abstractions (>= 8.0.0)
- Microsoft.Extensions.DependencyInjection.Abstractions (>= 8.0.0)
- Newtonsoft.Json (>= 13.0.3)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.