rate_limit does not trigger

[UltraBlackLinux]

Hey there,
I'm trying to protect a basicauth prompt against brute-forcing using rate_limit, but for some reason it just does not trigger. I can curl the path all day long and it will not even once return a 429. Here's my config:

handle_path /test {
  rate_limit {query.id} 1r/m
  basicauth {
    something something
  }
  reverse_proxy ...
 }

any idea why?

[Hor1kon]

same problem, did you find a solution?

[UltraBlackLinux]

@Hor1kon I switched to this: https://github.com/mholt/caddy-ratelimit
it's working fine

[decaf-dev]

@Hor1kon This is working for me

    handle /login {
        rate_limit {remote.host} 10r/m
        reverse_proxy my-app:3000 {
            header_up X-Real-IP {remote_host}
        }
    }

I had to add an order block at the top of my Caddy file

{
	order rate_limit before basicauth
}

Also, make sure that the network request that you are trying to block actually matches the path that you have in your handle.

[Hor1kon]

@Hor1kon I switched to this: https://github.com/mholt/caddy-ratelimit it's working fine

Yea, I also have switched to it

[Hor1kon]

@Hor1kon This is working for me

    handle /login {
        rate_limit {remote.host} 10r/m
        reverse_proxy my-app:3000 {
            header_up X-Real-IP {remote_host}
        }
    }

I had to add an order block at the top of my Caddy file

{
	order rate_limit before basicauth
}

Also, make sure that the network request that you are trying to block actually matches the path that you have in your handle.

Yeah, I think by me it wasn't working because of this first line, because in other rate-limit build this line was initially in the example