RateBanGuard 1.0.0
dotnet add package RateBanGuard --version 1.0.0
NuGet\Install-Package RateBanGuard -Version 1.0.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="RateBanGuard" Version="1.0.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
<PackageVersion Include="RateBanGuard" Version="1.0.0" />
<PackageReference Include="RateBanGuard" />
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.
paket add RateBanGuard --version 1.0.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
#r "nuget: RateBanGuard, 1.0.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
#addin nuget:?package=RateBanGuard&version=1.0.0
#tool nuget:?package=RateBanGuard&version=1.0.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
RateBanGuard
ASP.NET Core Middleware für kombinierte Rate Limiting und IP Blockierung bei Auth-Fehlern
Features
- Rate Limiting: Globale Anfragebegrenzung
- Banning-Logik: Automatische IP-Sperre nach wiederholten Verstößen
- Anpassbare Thresholds: Dynamische Anpassung von Limits und Sperrzeiten
Installation
dotnet add package RateBanGuard
Quickstart
appsettings.json
"RateBanGuard": {
"RateLimitWindow": "00:00:30",
"RateLimitMaxRequests": 2,
"MaxFailedAttempts": 2,
"BanDuration": "00:01:00",
"RespondOnBan": false,
"EnableAccessLog": true,
"LogPath": "./access.log",
"LogFormat": "{timestamp} [{ip}] {method} {path} {statusCode} (user: {user})",
"ExcludedPaths": [
"/WeatherForecast/public"
],
"IncludedPaths": [
"/WeatherForecast/restricted"
],
"Whitelist": [
"::2",
"192.168.1.0/24", // Lokales Netzwerk
"2001:db8:85a3::/48", // IPv6-Bereich
"203.0.113.42" // Einzelne IP
],
"Blacklist": [
"10.0.0.0/8", // Privates Netzwerk blockieren
"169.254.0.0/16", // Link-Local blockieren
"198.51.100.5" // Spezifische bösartige IP
]
}
Rate Limits
"RateLimitWindow": "00:00:30",
"RateLimitMaxRequests": 2, --> 2 Anfragen per 30 Sekunden
Bei RateLimitMaxRequests: 0 wird kein Rate Limit angewand.
Ban Konfiguration
"MaxFailedAttempts": 2,
"BanDuration": "00:01:00", --> nach 2 Auth Errors, 1 Minute blocken
Bei MaxFailedAttempts: 0 wird kein Bam angewand.
Ban Konfiguration
"MaxFailedAttempts": 2,
"BanDuration": "00:01:00", --> nach 2 Auth Errors, 1 Minute blocken
"RespondOnBan": false, --> true: return 403 Response, false: return "no Response" (Anfrage wird abgebrochen)
Log Konfiguration
"EnableAccessLog": true, --> AccessLog aktivieren
"LogPath": "./access.log", --> Acceslog Pfad
"LogFormat": "{timestamp} [{ip}] {method} {path} {statusCode} (user: {user})", --> Accesslog Format
Exclude / Include
"ExcludedPaths": [
"/WeatherForecast/public"
],
"IncludedPaths": [
"/WeatherForecast/restricted"
],
Ist der Include Path leer werden alle Pfade (bis auf Excluded) überwacht.
White- / Blacklist
"Whitelist": [
"::2",
"192.168.1.0/24", // Lokales Netzwerk
"2001:db8:85a3::/48", // IPv6-Bereich
"203.0.113.42" // Einzelne IP
],
"Blacklist": [
"10.0.0.0/8", // Privates Netzwerk blockieren
"169.254.0.0/16", // Link-Local blockieren
"198.51.100.5" // Spezifische bösartige IP
]
Whitelisted Einträge sind keiner Rate / Ban Logik unterzogen.
Setup
var builder = WebApplication.CreateBuilder(args);
...
builder.Services.Configure<RateBanGuardOptions>(builder.Configuration.GetSection("RateBanGuard"));
builder.Services.AddAuthentication();
builder.Services.AddAuthorization();
var app = builder.Build();
// Empfohlene Middleware-Reihenfolge:
// UseForwardedHeaders, UseHsts, UseHttpsRedirection, UseFail2BanMiddleware
// Wenn der Service z.B. hinter Traefik läuft müssen die Header weitergegeben werden.
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto,
ForwardLimit = 2, // Anzahl erlaubter Proxies
KnownProxies = { IPAddress.Parse("10.0.1.100") }, // IPs der eigenen Proxies
RequireHeaderSymmetry = true
});
app.UseHsts();
app.UseHttpsRedirection();
// Vor UseAuthentication und UseAuthorization
app.UseMiddleware<RateBanGuardMiddleware>();
app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();
app.Run();
Response Codes
429 Too Many Requests
: Rate Limit erreicht403 Forbidden
: IP-Adresse gebannt
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net8.0 is compatible. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 was computed. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.
-
net8.0
- IPAddressRange (>= 6.2.0)
- Microsoft.AspNetCore.Http.Abstractions (>= 2.3.0)
- Microsoft.Extensions.Options (>= 9.0.4)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
Version | Downloads | Last updated |
---|---|---|
1.0.0 | 135 | 5/6/2025 |