"IpRateLimitPolicies": { //ip法则 "IpRules": [ { //IP "Ip": "84.247.85.224", //法则内容 "Rules": [ //1s请求10次 {"Endpoint": "*","Period": "1s","Limit": 10}, //15分钟请求200次 {"Endpoint": "*","Period": "15m","Limit": 200} ] }, { //ip支持配置多个 "Ip": "192.168.3.22/25", "Rules": [ //1秒请求5次 {"Endpoint": "*","Period": "1s","Limit": 5}, //15分钟请求150次 {"Endpoint": "*","Period": "15m","Limit": 150}, //12小时请求500次 {"Endpoint": "*","Period": "12h","Limit": 500} ] } ] }
基于客户端ID速率限制1、修改Startup文件:
public void ConfigureServices(IServiceCollection services) { //需要从加载设置文件appsettings.json services.AddOptions(); //需要存储速率限制计较器和ip法则 services.AddMemoryCache(); //从appsettings.json中加载通例设置 services.Configure<ClientRateLimitOptions>(Configuration.GetSection("IPRateLimiting")); //从appsettings.json中加载客户端法则 services.Configure<ClientRateLimitPolicies>(Configuration.GetSection("ClientRateLimitPolicies")); //注入计数器和法则存储 services.AddSingleton<IClientPolicyStore, MemoryCacheClientPolicyStore>(); services.AddSingleton<IRateLimitCounterStore, MemoryCacheRateLimitCounterStore>(); services.AddControllers(); // https://github.com/aspnet/Hosting/issues/793 // the IHttpContextAccessor service is not registered by default. //注入计数器和法则存储 services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>(); //设置(理会器、计数器密钥生成器) services.AddSingleton<IRateLimitConfiguration, RateLimitConfiguration>(); } public void Configure(IApplicationBuilder app, IHostingEnvironment env) { //启用客户端限制 app.UseClientRateLimiting(); app.UseMvc(); }
2、通用设置回收IP限制沟通设置,添加客户端限制设置:
//客户端限制配置 "ClientRateLimitPolicies": { "ClientRules": [ { //客户端id "ClientId": "client-id-1", "Rules": [ {"Endpoint": "*","Period": "1s","Limit": 10}, {"Endpoint": "*","Period": "15m","Limit": 200} ] }, { "ClientId": "client-id-2", "Rules": [ {"Endpoint": "*","Period": "1s","Limit": 5}, {"Endpoint": "*","Period": "15m","Limit": 150}, {"Endpoint": "*","Period": "12h","Limit": 500} ] } ] }
3、挪用功效:
配置法则:1s只能挪用一次:首次挪用
挪用第二次:自界说返回内容
添加 IpRateLimitController节制器:
/// <summary> /// IP限制节制器 /// </summary> [Route("api/[controller]")] [ApiController] public class IpRateLimitController : ControllerBase { private readonly IpRateLimitOptions _options; private readonly IIpPolicyStore _ipPolicyStore; /// <summary> /// /// </summary> /// <param></param> /// <param></param> public IpRateLimitController(IOptions<IpRateLimitOptions> optionsAccessor, IIpPolicyStore ipPolicyStore) { _options = optionsAccessor.Value; _ipPolicyStore = ipPolicyStore; } /// <summary> /// 获取限制法则 /// </summary> /// <returns></returns> [HttpGet] public async Task<IpRateLimitPolicies> Get() { return await _ipPolicyStore.GetAsync(_options.IpPolicyPrefix); } /// <summary> /// /// </summary> [HttpPost] public async Task Post(IpRateLimitPolicy ipRate) { var pol = await _ipPolicyStore.GetAsync(_options.IpPolicyPrefix); if (ipRate != null) { pol.IpRules.Add(ipRate); await _ipPolicyStore.SetAsync(_options.IpPolicyPrefix, pol); } } }
漫衍式陈设时,需要将速率限制计较器和ip法则存储到漫衍式缓存中如Redis
修改注入工具
// inject counter and rules distributed cache stores services.AddSingleton<IClientPolicyStore, DistributedCacheClientPolicyStore>(); services.AddSingleton<IRateLimitCounterStore,DistributedCacheRateLimitCounterStore>();
添加Nuget包 Microsoft.Extensions.Caching.StackExchangeRedis
在Startup中配置Redis毗连
services.AddStackExchangeRedisCache(options => { options.ConfigurationOptions = new ConfigurationOptions { //silently retry in the background if the Redis connection is temporarily down AbortOnConnectFail = false }; options.Configuration = "localhost:6379"; options.InstanceName = "AspNetRateLimit"; });
限制时自界说相应功效: