Limit the rate of calls made to the health/ready endpoint

- add package AspNetCoreRateLimit (5.0.0)
- add it as a service in Program.cs, and configure it using the RateLimit.ConfigureServices method
- configure settings in appsettings.json

InvestmentManager/InvestmentManager/InvestmentManager.csproj

@@ -12,6 +12,7 @@
 		<PackageReference Include="AspNetCore.HealthChecks.UI" Version="6.0.5" />
 		<PackageReference Include="AspNetCore.HealthChecks.UI.Client" Version="6.0.5" />
 		<PackageReference Include="AspNetCore.HealthChecks.UI.InMemory.Storage" Version="6.0.5" />
+		<PackageReference Include="AspNetCoreRateLimit" Version="5.0.0" />
 		<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="6.0.15" />
 		<PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="6.0.18" />
 		<PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="6.0.13" />

InvestmentManager/InvestmentManager/Program.cs

@@ -1,7 +1,9 @@
+using AspNetCoreRateLimit;
 using HealthChecks.UI.Client;
 using InvestmentManager.Core;
 using InvestmentManager.DataAccess.EF;
 using InvestmentManager.HealthChecks;
+using InvestmentManager.RateLimit;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Diagnostics.HealthChecks;
 using Microsoft.AspNetCore.Http;
@@ -126,6 +128,12 @@
     options.AddHealthCheckEndpoint(" HC UI endpoint", "https://localhost:51500/healthui");
 }).AddInMemoryStorage();
 
+// Add and configure services required for AspNetCoreRateLimit
+RateLimit.ConfigureServices(builder.Services, builder.Configuration);
+// This is required to set the default value for AspNetCoreRateLimit.IProcessingStrategy
+builder.Services.AddSingleton<IProcessingStrategy, AsyncKeyLockProcessingStrategy>();
+
+
 var app = builder.Build();
 
 // Configure the HTTP request pipeline.
@@ -144,6 +152,7 @@
 app.UseCors();
 app.UseAuthentication();
 app.UseAuthorization();
+app.UseIpRateLimiting();
 
 app.UseEndpoints(endpoints =>
 {

InvestmentManager/InvestmentManager/RateLimit/RateLimit.cs

@@ -0,0 +1,30 @@
+using AspNetCoreRateLimit;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace InvestmentManager.RateLimit
+{
+    public static class RateLimit
+    {
+        public static void ConfigureServices(IServiceCollection services, IConfiguration configuration)
+        {
+            // needed to load configuration from appsettings.json
+            services.AddOptions();
+            // needed to store rate limit counters and ip rules
+            services.AddMemoryCache();
+            //load general configuration from appsettings.json
+            services.Configure<IpRateLimitOptions>(configuration.GetSection("IpRateLimiting"));
+            //load ip rules from appsettings.json
+            services.Configure<IpRateLimitPolicies>(configuration.GetSection("IpRateLimitPolicies"));
+            // inject counter and rules stores
+            services.AddSingleton<IIpPolicyStore, MemoryCacheIpPolicyStore>();
+            services.AddSingleton<IRateLimitCounterStore, MemoryCacheRateLimitCounterStore>();
+            // Add framework services.
+            services.AddMvc();
+            services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>();
+            // configuration (resolvers, counter key builders)
+            services.AddSingleton<IRateLimitConfiguration, RateLimitConfiguration>();
+        }
+    }
+}

InvestmentManager/InvestmentManager/appsettings.json

@@ -32,5 +32,22 @@
     ],
     "EvaluationTimeOnSeconds": 10,
     "MinimumSecondsBetweenFailureNotifications": 60
+  },
+  "IpRateLimiting": {
+    "EnableEndpointRateLimiting": true,
+    "StackBlockedRequests": true,
+    "RealIpHeader": "X-Real-IP",
+    "ClientIdHeader": "X-ClientId",
+    "HttpStatusCode": 429,
+    "IpWhitelist": [ "23" ],
+    "EndpointWhitelist": [ "get:/api/license", "*:/api/status" ],
+    "ClientWhitelist": [ "test4", "test3" ],
+    "GeneralRules": [
+      {
+        "Endpoint": "*:/health/ready",
+        "Period": "10s",
+        "Limit": 1
+      }
+    ]
   }
 }