ASP.NET Web API Throttling handler is designed to control the rate of requests that clients can make to a Web API based on IP address, client API key and request route. WebApiThrottle is compatible with Web API v2 and can be installed via NuGet, the package is available atnuget.org/packages/WebApiThrottle.

Web API throttling can be configured using the built-in ThrottlePolicy. You can set multiple limits for different scenarios like allowing an IP or Client to make a maximum number of calls per second, per minute, per hour or even per day. You can define these limits to address all requests made to an API or you can scope the limits to each API route.

Global throttling based on IP

The setup bellow will limit the number of requests originated from the same IP.
If from the same IP, in same second, you’ll make a call to api/values and api/values/1 the last call will get blocked.

public static class WebApiConfig

{

    public static void Register(HttpConfiguration config)

    {

        config.MessageHandlers.Add(new ThrottlingHandler()

        {

            Policy = new ThrottlePolicy(perSecond: 1, perMinute: 20,

            perHour: 200, perDay: 1500, perWeek: 3000)

            {

                IpThrottling = true

            },

            Repository = new CacheRepository()

        });

    }

}

If you are self-hosting WebApi with Owin, then you’ll have to switch to MemoryCacheRepository that uses the runtime memory cache instead of CacheRepository that uses ASP.NET cache.

public class Startup

{

    public void Configuration(IAppBuilder appBuilder)

    {

        // Configure Web API for self-host.

        HttpConfiguration config = new HttpConfiguration();

        //Register throttling handler

        config.MessageHandlers.Add(new ThrottlingHandler()

        {

            Policy = new ThrottlePolicy(perSecond: 1, perMinute: 20,

            perHour: 200, perDay: 1500, perWeek: 3000)

            {

                IpThrottling = true

            },

            Repository = new MemoryCacheRepository()

        });

        appBuilder.UseWebApi(config);

    }

}

Endpoint throttling based on IP

If, from the same IP, in the same second, you’ll make two calls to api/values, the last call will get blocked.
But if in the same second you call api/values/1 too, the request will go through because it’s a different route.

config.MessageHandlers.Add(new ThrottlingHandler()

{

    Policy = new ThrottlePolicy(perSecond: 1, perMinute: 30)

    {

        IpThrottling = true,

        EndpointThrottling = true

    },

    Repository = new CacheRepository()

});

Endpoint throttling based on IP and Client Key

If a client (identified by an unique API key) from the same IP, in the same second, makes two calls toapi/values, then the last call will get blocked.
If you want to apply limits to clients regardless of their IPs then you should set IpThrottling to false.

config.MessageHandlers.Add(new ThrottlingHandler()

{

    Policy = new ThrottlePolicy(perSecond: 1, perMinute: 30)

    {

        IpThrottling = true,

        ClientThrottling = true,

        EndpointThrottling = true

    },

    Repository = new CacheRepository()

});

IP and/or Client Key White-listing

If requests are initiated from a white-listed IP or Client, then the throttling policy will not be applied and the requests will not get stored. The IP white-list supports IP v4 and v6 ranges like “192.168.0.0/24″, “fe80::/10″ and “192.168.0.0-192.168.0.255″ for more information check jsakamoto/ipaddressrange.

config.MessageHandlers.Add(new ThrottlingHandler()

{

    Policy = new ThrottlePolicy(perSecond: 2, perMinute: 60)

    {

        IpThrottling = true,

        IpWhitelist = new List<string> { "::1", "192.168.0.0/24" },

        ClientThrottling = true,

        ClientWhitelist = new List<string> { "admin-key" }

    },

    Repository = new CacheRepository()

});

IP and/or Client Key custom rate limits

You can define custom limits for known IPs or Client Keys, these limits will override the default ones. Be aware that a custom limit will only work if you have defined a global counterpart.

config.MessageHandlers.Add(new ThrottlingHandler()

{

    Policy = new ThrottlePolicy(perSecond: 1, perMinute: 20, perHour: 200, perDay: 1500)

    {

        IpThrottling = true,

        IpRules = new Dictionary<string, RateLimits>

        {

            { "192.168.1.1", new RateLimits { PerSecond = 2 } },

            { "192.168.2.0/24", new RateLimits { PerMinute = 30 } }

        },

        ClientThrottling = true,

        ClientRules = new Dictionary<string, RateLimits>

        {

            { "api-client-key-1", new RateLimits { PerMinute = 40 } },

            { "api-client-key-9", new RateLimits { PerDay = 2000 } }

        }

    },

    Repository = new CacheRepository()

});

Endpoint custom rate limits

You can also define custom limits for certain routes, these limits will override the default ones.
You can define endpoint rules by providing relative routes like api/entry/1 or just a URL segment like/entry/.
The endpoint throttling engine will search for the expression you’ve provided in the absolute URI,
if the expression is contained in the request route then the rule will be applied.
If two or more rules match the same URI then the lower limit will be applied.

config.MessageHandlers.Add(new ThrottlingHandler()

{

    Policy = new ThrottlePolicy(perSecond: 1, perMinute: 20, perHour: 200)

    {

        IpThrottling = true,

        ClientThrottling = true,

        EndpointThrottling = true,

        EndpointRules = new Dictionary<string, RateLimits>

        {

            { "api/search",

            new RateLimits { PerScond = 10, PerMinute = 100, PerHour = 1000 } }

        }

    },

    Repository = new CacheRepository()

});

Stack rejected requests

By default, rejected calls are not added to the throttle counter. If a client makes 3 requests per second
and you’ve set a limit of one call per second, the minute, hour and day counters will only record the first call, the one that wasn’t blocked.
If you want rejected requests to count towards the other limits, you’ll have to setStackBlockedRequests to true.

config.MessageHandlers.Add(new ThrottlingHandler()

{

    Policy = new ThrottlePolicy(perSecond: 1, perMinute: 30)

    {

        IpThrottling = true,

        ClientThrottling = true,

        EndpointThrottling = true,

        StackBlockedRequests = true

    },

    Repository = new CacheRepository()

});

Define rate limits in web.config or app.config

WebApiThrottle comes with a custom configuration section that lets you define the throttle policy as xml.

config.MessageHandlers.Add(new ThrottlingHandler()

{

    Policy = ThrottlePolicy.FromStore(new PolicyConfigurationProvider()),

    Repository = new CacheRepository()

});

Config example (policyType values are 1 – IP, 2 – ClientKey, 3 – Endpoint):

<configuration>

  <configSections>

    <section name="throttlePolicy"

             type="WebApiThrottle.ThrottlePolicyConfiguration, WebApiThrottle" />

  </configSections>

  <throttlePolicy limitPerSecond="1"

                  limitPerMinute="10"

                  limitPerHour="30"

                  limitPerDay="300"

                  limitPerWeek ="1500"

                  ipThrottling="true"

                  clientThrottling="true"

                  endpointThrottling="true">

    <rules>

      <add policyType="1" entry="::1/10"

           limitPerSecond="2"

           limitPerMinute="15"/>

      <add policyType="1" entry="192.168.2.1"

           limitPerMinute="12" />

      <add policyType="2" entry="api-client-key-1"

           limitPerHour="60" />

      <add policyType="3" entry="api/values"

           limitPerDay="120" />

    </rules>

    <whitelists>

      <add policyType="1" entry="127.0.0.1" />

      <add policyType="1" entry="192.168.0.0/24" />

      <add policyType="2" entry="api-admin-key" />

    </whitelists>

  </throttlePolicy>

</configuration>

Retrieving API Client Key

By default, the ThrottlingHandler retrieves the client API key from the “Authorization-Token” request header value.
If your API key is stored differently, you can override the ThrottlingHandler.SetIndentity function and specify your own retrieval method.

public class CustomThrottlingHandler : ThrottlingHandler

{

    protected override RequestIndentity SetIndentity(HttpRequestMessage request)

    {

        return new RequestIndentity()

        {

            ClientKey = request.Headers.GetValues("Authorization-Key").First(),

            ClientIp = base.GetClientIp(request).ToString(),

            Endpoint = request.RequestUri.AbsolutePath

        };

    }

}

Storing throttle metrics

WebApiThrottle stores all request data in-memory using ASP.NET Cache when hosted in IIS or Runtime MemoryCache when self-hosted with Owin. If you want to change the storage to
Velocity, MemCache or a NoSQL database, all you have to do is create your own repository by implementing the IThrottleRepository interface.

public interface IThrottleRepository

{

    bool Any(string id);

    ThrottleCounter? FirstOrDefault(string id);

    void Save(string id, ThrottleCounter throttleCounter, TimeSpan expirationTime);

    void Remove(string id);

    void Clear();

}

Logging throttled requests

If you want to log throttled requests you’ll have to implement IThrottleLogger interface and provide it to the ThrottlingHandler.

public interface IThrottleLogger

{

    void Log(ThrottleLogEntry entry);

}

Logging implementation example with ITraceWriter

public class TracingThrottleLogger : IThrottleLogger

{

    private readonly ITraceWriter traceWriter;

    public TracingThrottleLogger(ITraceWriter traceWriter)

    {

        this.traceWriter = traceWriter;

    }

    public void Log(ThrottleLogEntry entry)

    {

        if (null != traceWriter)

        {

            traceWriter.Info(entry.Request, "WebApiThrottle",

                "{0} Request {1} from {2} has been throttled (blocked), quota {3}/{4} exceeded by {5}",

                entry.LogDate,

                entry.RequestId,

                entry.ClientIp,

                entry.RateLimit,

                entry.RateLimitPeriod,

                entry.TotalRequests);

        }

    }

}

Logging usage example with SystemDiagnosticsTraceWriter

var traceWriter = new SystemDiagnosticsTraceWriter()

{

    IsVerbose = true

};

config.Services.Replace(typeof(ITraceWriter), traceWriter);

config.EnableSystemDiagnosticsTracing();

config.MessageHandlers.Add(new ThrottlingHandler()

{

    Policy = new ThrottlePolicy(perSecond: 1, perMinute: 30)

    {

        IpThrottling = true,

        ClientThrottling = true,

        EndpointThrottling = true

    },

    Repository = new CacheRepository(),

    Logger = new TracingThrottleLogger()

});

About

WebApiThrottle is open sourced and MIT licensed, the project is hosted on GitHub atgithub.com/stefanprodan/WebApiThrottle, for questions regarding throttling or any problems you’ve encounter please submit an issue on GitHub.

WebApiThrottle限流框架的更多相关文章

  1. WebApiThrottle限流框架使用手册

    阅读目录: 介绍 基于IP全局限流 基于IP的端点限流 基于IP和客户端key的端点限流 IP和客户端key的白名单 IP和客户端key自定义限制频率 端点自定义限制频率 关于被拒请求的计数器 在we ...

  2. webapi限流框架WebApiThrottle

    为了防止网站意外暴增的流量比如活动.秒杀.攻击等,导致整个系统瘫痪,在前后端接口服务处进行流量限制是非常有必要的.本篇主要介绍下Net限流框架WebApiThrottle的使用. WebApiThro ...

  3. 【Dnc.Api.Throttle】适用于.Net Core WebApi接口限流框架

    Dnc.Api.Throttle    适用于Dot Net Core的WebApi接口限流框架 使用Dnc.Api.Throttle可以使您轻松实现WebApi接口的限流管理.Dnc.Api.Thr ...

  4. 微服务组件--限流框架Spring Cloud Hystrix分析

    Hystrix的介绍 [1]Hystrix是springCloud的组件之一,Hystrix 可以让我们在分布式系统中对服务间的调用进行控制加入一些调用延迟或者依赖故障的容错机制. [2]Hystri ...

  5. 控制ASP.NET Web API 调用频率与限流

    ASP.NET MVC 实现 https://github.com/stefanprodan/MvcThrottle ASP.NET WEBAPI 实现 https://github.com/stef ...

  6. Spring Cloud alibaba网关 sentinel zuul 四 限流熔断

    spring cloud alibaba 集成了 他内部开源的 Sentinel 熔断限流框架 Sentinel 介绍 官方网址 随着微服务的流行,服务和服务之间的稳定性变得越来越重要.Sentine ...

  7. 简易RPC框架-客户端限流配置

    *:first-child { margin-top: 0 !important; } body>*:last-child { margin-bottom: 0 !important; } /* ...

  8. Anno 框架 增加缓存、限流策略、事件总线、支持 thrift grpc 作为底层传输

    github 地址:https://github.com/duyanming/dymDemo dym 分布式开发框架 Demo 熔断 限流 事件总线(包括基于内存的.rabbitmq的) CQRS D ...

  9. 快速入门系列--WCF--06并发限流、可靠会话和队列服务

    这部分将介绍一些相对深入的知识点,包括通过并发限流来保证服务的可用性,通过可靠会话机制保证会话信息的可靠性,通过队列服务来解耦客户端和服务端,提高系统的可服务数量并可以起到削峰的作用,最后还会对之前的 ...

随机推荐

  1. IOS 封装类的时候注释格式,使用的时候可以想官方库一样快捷显示

    /** @brief 详情 @param 参数 @note 注意 @return 返回值类型 @code 这里写例题代码 @endcode @see 相似的方法参考 */

  2. 【转发】构建高可伸缩性的WEB交互式系统(中)

    原文转自:http://kb.cnblogs.com/page/503953/ 在<构建高可伸缩性的WEB交互式系统>的第一篇,我们介绍了Web交互式系统中平台的可伸缩性.本文将描述模块的 ...

  3. Ubuntu 修改IP地址网关

    一.使用命令设置Ubuntu IP地址 1.修改配置文件blacklist.conf禁用IPV6 sudo vi /etc/modprobe.d/blacklist.conf 表示用vi编辑器(也可以 ...

  4. 让IE9支持html5

    IE10以上才算是真正支持了html5 ,但仍然有些地方和别的浏览器不一致,比如要在js里移除一个html标签, 如果是IE,document.getElementById("a" ...

  5. C++ 并发消息队列

    C++ 并发消息队列 在网上找到了一份POSIX线程显示的并发消息队列示例代码: http://codereview.stackexchange.com/questions/41604/thread- ...

  6. JAVA学习之Ecplise IDE 使用技巧(2)第二章:键盘小快手,代码辅助

    上一篇:JAVA学习之Ecplise IDE 使用技巧(1)第一章:我的地盘我做主,工作空间 第二章:键盘小快手,代码辅助 内容包括: 第一:显示行号 如何设置行号:Ecplice菜单Windows& ...

  7. ZOJ 1029 Moving Tables

    原题链接 题目大意:走廊两边排列了400个房间,要在两个房间之间搬桌子.搬桌子的时候会占用一部分走廊,有冲突的话要回避.求最快搬完的时间. 解法:开辟一个数组,每占用一段走廊,就把相应的房间号的元素加 ...

  8. scala言语基础学习三

    map的操作 访问fangwemap元素 修改map元素 遍历map sortmap和linkmap map元素类型tuple

  9. js 获取地址栏参数

    function GetQueryString(name) { var reg = new RegExp("(^|&)" + name + "=([^&] ...

  10. hdu 5351 规律+大数

    题目大意:定义了一种fib字符串,问第n个fib串的前m个字母前后相等串的最大长度,大约就是这样的 其实主要读完题意的时候并没有思路,但是列几个fib字符串就会发现,除了fib1以外,所有串的前面都是 ...