WebApiThrottle Versions Save

Change log

• Fix ThrottlePolicy.Rates serialization #106

Change log

• Fixed ability to override ComputeThrottleKey #105

Change log

• StrongName version NuGet package
• Handle X-Forward-For when proxy is being used #75
• fix QuotaExceededContent for ThrottlingFilter #84
• IP address parse fix to handle X-Forwarded-For with ports #83
• Allow RequestIdentity object to force a whitelisting of a request #80

Change log

• renamed SetIndentity to SetIdentity _Breaking change_
• demo project clean up
• build and deploy with AppVeyor

ASP.NET Core version

If you are looking for the ASP.NET Core version see AspNetCoreRateLimit project.

AspNetCoreRateLimit is a full rewrite of WebApiThrottle and offers more flexibility in configuring rate limiting for Web API and MVC apps.

Change log

• Added the ability to resolve IP addresses based on custom logic, this allows scenario's such as extracting client's IP from akamai headers
• Demo and readme update to include CustomIpAddressParser

Thanks to all contributors!

Change log

• Use HashAlgorithm.Create(string) so that .NET loads FIPS-compliant hash algorithms if available on the local machine
• Added QuotaExceededContent for object/json responses
• Added support for json responses

Thanks to all contributors!

Change log

• Microsoft.AspNet.WebApi and Microsoft.AspNet.WebApi.WebHost dependencies removed
• Update Microsoft.AspNet.WebApi.Core dependency to 5.2.3
• Update Microsoft.Owin dependency to 3.0.1
• Fix white-list loading from config files

NuGet dependencies graph

OWIN Middleware

Introducing ThrottlingMiddleware, an OWIN middleware component that works the same as the ThrottlingHandler. With the ThrottlingMiddleware you can target endpoints outside of the WebAPI area, like OAuth middleware or SignalR endpoints.

Configuration example:

public class Startup
{
    public void Configuration(IAppBuilder appBuilder)
    {

    //throtting middleware with policy loaded from config
    appBuilder.Use(typeof(ThrottlingMiddleware),
        ThrottlePolicy.FromStore(new PolicyConfigurationProvider()),
        new PolicyCacheRepository(),
        new CacheRepository(),
        null);

    }
}

More examples here

Features

• Update rate limits at runtime with PolicyCacheRepository and ThrottleManage - documentation
• New interface IPolicyRepository used for for storing and retrieving of policy data (global limits, clients rate limits and white-lists) - documentation
• New helper class ThrottleManager used for customizing the cache keys with prefix/suffix and for policy cache refresh
• Attribute-based rate limiting with ThrottlingFilter and EnableThrottlingAttribute - documentation

Upgrade from older versions

There are no breaking changes in v1.2, you can safely update via NuGet.

If you want to use the rate limits update feature, you'll need to change the ThrottlingHandler initialization code and use the new constructor ThrottlingHandler(ThrottlePolicy policy, IPolicyRepository policyRepository, IThrottleRepository repository, IThrottleLogger logger).

Register message handler (IIS hosting)

config.MessageHandlers.Add(new ThrottlingHandler(
    policy: new ThrottlePolicy(perSecond: 1, perMinute: 20, perHour: 100, perDay: 1500)
    {
        IpThrottling = true,
        ClientThrottling = true,
        EndpointThrottling = true
    },
    policyRepository: new PolicyCacheRepository(),
    repository: new CacheRepository(),
    logger: null));

Register action filter with rate limits loaded from app.config (IIS hosting)

config.Filters.Add(new ThrottlingFilter(
    policy: ThrottlePolicy.FromStore(new PolicyConfigurationProvider()),
    policyRepository: new PolicyCacheRepository(),
    repository: new CacheRepository(),
    logger: null));

Update policy from code (IIS hosting)

    //init policy repo
    var policyRepository = new PolicyCacheRepository();

    //get policy object from cache
    var policy = policyRepository.FirstOrDefault(ThrottleManager.GetPolicyKey());

    //update client rate limits
    policy.ClientRules["api-client-key-1"] =
        new RateLimits { PerMinute = 80, PerHour = 800 };

    //add new client rate limits
    policy.ClientRules.Add("api-client-key-3",
        new RateLimits { PerMinute = 60, PerHour = 600 });

    //apply policy updates
    ThrottleManager.UpdatePolicy(policy, policyRepository);

Register message handler with rate limits loaded from app.config (Owin self-hosting)

config.MessageHandlers.Add(new ThrottlingHandler(
    policy: ThrottlePolicy.FromStore(new PolicyConfigurationProvider()),
    policyRepository: new PolicyMemoryCacheRepository(),
    repository: new MemoryCacheRepository(),
    logger: null));

Features

• self-hosting OWIN support added - demo project
• throttler policy can be defined in web.config or app.config
• added IThrottlePolicyProvider interface that allows loading at app startup the policy rules and settings from a persistent store like a database

Requirements

Version 1.1 is compatible with .NET 4.5.x and has the following dependencies:

• Microsoft.AspNet.WebApi (≥ 5.0.0)
• Microsoft.Owin (≥ 2.0.0)
• Newtonsoft.Json (≥ 4.5.11)

To avoid version conflicts redirect bindings for Owin and System.Web.Http in config:

<runtime>
  <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
    <dependentAssembly>
      <assemblyIdentity name="Microsoft.Owin" publicKeyToken="31bf3856ad364e35" culture="neutral" />
      <bindingRedirect oldVersion="0.0.0.0-2.1.0.0" newVersion="2.1.0.0" />
    </dependentAssembly>
    <dependentAssembly>
      <assemblyIdentity name="System.Web.Http" publicKeyToken="31bf3856ad364e35" culture="neutral" />
      <bindingRedirect oldVersion="0.0.0.0-5.1.0.0" newVersion="5.1.0.0" />
    </dependentAssembly>
  </assemblyBinding>
</runtime>

Upgrade from 1.0.x

There are no breaking changes in v1.1, you can safely update via NuGet.