Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
80 lines (51 sloc) 2.67 KB


a rate limit plugin for caddy

Travis CI Go Report Card GoDoc


Excessive requests will be terminated with an error 429 (Too Many Requests)! And X-RateLimit-RetryAfter header will be returned.

For single resource:

ratelimit methods path rate burst unit
  • methods are the request methods it will match (comma separately)

  • path is the file or directory to apply rate limit

  • rate is the limited request in every time unit (r/s, r/m, r/h, r/d, r/w) (e.g. 1)

  • burst is the maximum burst size client can exceed; burst >= rate (e.g. 2)

  • unit is the time interval (currently support: second, minute, hour, day, week)

For multiple resources:

ratelimit methods rate burst unit {
    whitelist CIDR
  • whitelist is the keyword for whitelist your trusted ips, CIDR is the IP range you don't want to perform rate limit. whitelist is a general rule, it won't target for specific resource.
  • resources is a list of files/directories to apply rate limit, one per line

Note: If you don't want to apply rate limit on some special resources, add ^ in front of the path.


Limit clients to 2 requests per second (bursts of 3) to any methods and any resources under /r:

ratelimit * /r 2 3 second

Don't perform rate limit if requests come from or ~, for the listed paths, limit clients to 2 requests per minute (bursts of 2) if the request method is GET or POST and always ignore /dist/app.js:

ratelimit get,post 2 2 minute {


curl | bash -s personal http.ratelimit


docker run -d -p 2016:2016 -v `pwd`/Caddyfile:/go/src/ --name ratelimit xuqingfeng/caddy-rate-limit

Inspired by