-
Notifications
You must be signed in to change notification settings - Fork 9.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rate Limiting configuration - policy validation #45684
Comments
Triage: this seems like a reasonable suggestion (a way to find out about these issues at load-time rather than run-time). Would an API that returned a bool (indicating whether the policy exists) be sufficient? |
@mburumaxwell Can you update your comment to make it follow the API proposal template here? https://github.com/dotnet/aspnetcore/issues/new?assignees=&labels=api-suggestion&template=30_api_proposal.md&title= |
@adityamandaleeka this is done |
Thanks @mburumaxwell |
What steps follow to get this to be in the next version of AspNetCore? |
Thank you for submitting this for API review. This will be reviewed by @dotnet/aspnet-api-review at the next meeting of the ASP.NET Core API Review group. Please ensure you take a look at the API review process documentation and ensure that:
|
This proposal will be discussed by our team in an upcoming API review meeting, after which we'll provide feedback/suggestions. Once a proposal gets to the |
Thanks for contacting us. We're moving this issue to the |
API Review Notes:
We think the API needs work. Maybe it could be combined with the rate limit feature proposal. #45658 |
The proposal in #45658 cannot work because the validation would only be available where a HttpContext is yet YARP needs validation elsewhere. If I understand correctly, the main issue is making namespace Microsoft.AspNetCore.RateLimiting;
+ public interface IRateLimiterPolicyProvider
+ {
+ bool DefaultPolicyExists();
+ bool PolicyExists(string policyName);
+ }
+
+ public class DefaultRateLimiterPolicyProvider : IRateLimiterPolicyProvider
+ {
+ private readonly RateLimiterOptions _options;
+
+ public DefaultRateLimiterPolicyProvider(IOptions<RateLimiterOptions> options)
+ {
+
+ }
+
+ public bool PolicyExists(string policyName)
+ {
+ options.PolicyMap.ContainsKey(policyName) || options.UnactivatedPolicyMap.ContainsKey(policyName);
+ }
+ } |
Background and Motivation
The ASP.NET Core rate limiting middleware is great, but "limited" in terms of policy validation. Let's start with some code that you can write today in .NET 7:
There is no way to validate that
customPolicy
actually exists. This is useful when configuring multiple routes from configuration such as is the case for YARP. See microsoft/reverse-proxy#1967Proposed API
It would be preferred to something similar to
IAuthorizationPolicyProvider
implemented viaDefaultAuthorizationPolicyProvider
andICorsPolicyProvider
implemented viaDefaultCorsPolicyProvider
RateLimiterOptions.PolicyMap
is internal hence this feature cannot be added in another library or the final application.Usage Examples
See YARP: https://github.com/microsoft/reverse-proxy/blob/26ce1d15f868cb8da1891d65db1e59a20fd6ecbf/src/ReverseProxy/Configuration/ConfigValidator.cs#L312-L318
Alternative Designs
None
Risks
None
The text was updated successfully, but these errors were encountered: