Add RateLimit to list of acceptable rate limiting headers #458
Comments
Yes, we can add it. Please feel free to submit a PR!
daveshanley added a commit that referenced this issue Feb 20, 2024
Merged
#458 Signed-off-by: quobix <dave@quobix.com>
This was added in https://github.com/daveshanley/vacuum/blob/main/rulesets/owasp_ruleset_functions.go#L277
An official thank you, sir!
Enhancement request
In looking at the rule owasp-rate-limit and comparing against the RateLimit IETF draft, I wonder if we could add one more header string to the list of acceptable header names.
In the function GetOWASPRateLimitRule() (vacuum/rulesets/owasp_ruleset_functions.go), the following acceptable string values for RateLimit headers are defined:
Those are certainly common, and in the draft the authors refer to the combined header RateLimit as a dictionary and examples show a combined header for limit, remaining, and reset tokens. In reviewing some of that team's GitHub PRs and commentary, they refer to RateLimit and its dictionary as the new style being proposed. For example:
Can we add this to the list of acceptable values? It would be an additional var entry like:
ratelimit = "RateLimit"
and then adding it to the FunctionOptions below in the model rule.
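An added example, not vacuum's code and not part of the original issue: a minimal Go check in the spirit of the request, accepting the combined RateLimit header alongside split rate-limit headers when inspecting the headers a response declares. The function name matchRateLimitSet, the grouping logic, and every header name other than RateLimit are assumptions chosen for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// acceptableSets lists groups of header names; a response passes when every
// name in at least one group is declared. "RateLimit" is the combined header
// from the issue; the other names are assumed sample values, not vacuum's list.
var acceptableSets = [][]string{
	{"RateLimit"},
	{"RateLimit-Limit", "RateLimit-Reset"},
	{"X-RateLimit-Limit"},
}

// matchRateLimitSet returns the first group that is fully present among the
// declared response headers. Names are compared case-insensitively, since
// HTTP header field names are case-insensitive.
func matchRateLimitSet(declared []string) ([]string, bool) {
	seen := make(map[string]bool, len(declared))
	for _, h := range declared {
		seen[strings.ToLower(strings.TrimSpace(h))] = true
	}
	for _, set := range acceptableSets {
		complete := true
		for _, name := range set {
			if !seen[strings.ToLower(name)] {
				complete = false
				break
			}
		}
		if complete {
			return set, true
		}
	}
	return nil, false
}

func main() {
	// Constructed header lists for three hypothetical response definitions.
	for _, hdrs := range [][]string{
		{"Content-Type", "ratelimit"}, // combined header only
		{"RateLimit-Limit"},           // half of a split pair
		{"ETag"},                      // no rate-limit header at all
	} {
		set, ok := matchRateLimitSet(hdrs)
		fmt.Println(hdrs, ok, set)
	}
}
```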