Asp.NET Core 限流控制-AspNetCoreRateLimit
原由:
近期項目中,提供了一些調用頻率較高的api接口,須要保障服務器的穩定運行;須要對提供的接口進行限流控制。避免因客戶端頻繁的請求致使服務器的壓力。git
1、AspNetCoreRateLimit 介紹
AspNetCoreRateLimit是一個ASP.NET Core速率限制的解決方案,旨在控制客戶端根據IP地址或客戶端ID向Web API或MVC應用發出的請求的速率。AspNetCoreRateLimit包含一個IpRateLimitMiddleware和ClientRateLimitMiddleware,每一箇中間件能夠根據不一樣的場景配置限制容許IP或客戶端,自定義這些限制策略,也能夠將限制策略應用在每個API URL或具體的HTTP Method上。github
2、AspNetCoreRateLimit使用
由上面介紹可知AspNetCoreRateLimit支持了兩種方式:基於客戶端IP(IpRateLimitMiddleware)和客戶端ID(ClientRateLimitMiddleware)速率限制 接下來就分別說明使用方式json
添加Nuget包引用:api
Install-Package AspNetCoreRateLimit
- 基於客戶端IP速率限制
一、修改Startup.cs中方法:緩存
public class Startup { public Startup(IConfiguration configuration) { Configuration = configuration; } public IConfiguration Configuration { get; }// This method gets called by the runtime. Use this method to add services to the container. public void ConfigureServices(IServiceCollection services) { //須要從加載配置文件appsettings.json services.AddOptions(); //須要存儲速率限制計算器和ip規則 services.AddMemoryCache(); //從appsettings.json中加載常規配置,IpRateLimiting與配置文件中節點對應 services.Configure<IpRateLimitOptions>(Configuration.GetSection("IpRateLimiting")); //從appsettings.json中加載Ip規則 services.Configure<IpRateLimitPolicies>(Configuration.GetSection("IpRateLimitPolicies")); //注入計數器和規則存儲 services.AddSingleton<IIpPolicyStore, MemoryCacheIpPolicyStore>(); services.AddSingleton<IRateLimitCounterStore, MemoryCacheRateLimitCounterStore>(); services.AddControllers(); services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>(); //配置(解析器、計數器密鑰生成器) services.AddSingleton<IRateLimitConfiguration, RateLimitConfiguration>(); //Other Code } // This method gets called by the runtime. Use this method to configure the HTTP request pipeline. public void Configure(IApplicationBuilder app, IWebHostEnvironment env) { //Other Code app.UseRouting(); app.UseAuthorization(); //啓用客戶端IP限制速率 app.UseIpRateLimiting(); app.UseEndpoints(endpoints => { endpoints.MapControllers(); }); } }
二、在appsettings.json中添加通用配置項節點:(IpRateLimiting節點與Startup中取的節點對應)服務器
"IpRateLimiting": { //false,則全局將應用限制,而且僅應用具備做爲端點的規則*。例如,若是您設置每秒5次調用的限制,則對任何端點的任何HTTP調用都將計入該限制 //true, 則限制將應用於每一個端點,如{HTTP_Verb}{PATH}。例如,若是您爲*:/api/values客戶端設置每秒5個呼叫的限制, "EnableEndpointRateLimiting": false, //false,拒絕的API調用不會添加到調用次數計數器上;如 客戶端每秒發出3個請求而且您設置了每秒一個調用的限制,則每分鐘或天天計數器等其餘限制將僅記錄第一個調用,即成功的API調用。若是您但願被拒絕的API調用計入其餘時間的顯示(分鐘,小時等)
//,則必須設置StackBlockedRequests爲true。 "StackBlockedRequests": false, //Kestrel 服務器背後是一個反向代理,若是你的代理服務器使用不一樣的頁眉而後提取客戶端IP X-Real-IP使用此選項來設置 "RealIpHeader": "X-Real-IP", //取白名單的客戶端ID。若是此標頭中存在客戶端ID而且與ClientWhitelist中指定的值匹配,則不該用速率限制。 "ClientIdHeader": "X-ClientId", //限制狀態碼 "HttpStatusCode": 429, ////IP白名單:支持Ip v4和v6 //"IpWhitelist": [ "127.0.0.1", "::1/10", "192.168.0.0/24" ], ////端點白名單 //"EndpointWhitelist": [ "get:/api/license", "*:/api/status" ], ////客戶端白名單 //"ClientWhitelist": [ "dev-id-1", "dev-id-2" ], //通用規則 "GeneralRules": [ { //端點路徑 "Endpoint": "*", //時間段,格式:{數字}{單位};可以使用單位:s, m, h, d "Period": "1s", //限制 "Limit": 2 },
//15分鐘只能調用100次 {"Endpoint": "*","Period": "15m","Limit": 100},
//12H只能調用1000 {"Endpoint": "*","Period": "12h","Limit": 1000},
//7天只能調用10000次 {"Endpoint": "*","Period": "7d","Limit": 10000} ] }
配置節點已添加相應註釋信息。app
規則設置格式: async
端點格式:{HTTP_Verb}:{PATH},您可使用asterix符號來定位任何HTTP謂詞。分佈式
期間格式:{INT}{PERIOD_TYPE},您可使用如下期間類型之一:s, m, h, d。ui
限制格式:{LONG}
三、特色Ip限制規則設置,在appsettings.json中添加 IP規則配置節點
"IpRateLimitPolicies": { //ip規則 "IpRules": [ { //IP "Ip": "84.247.85.224", //規則內容 "Rules": [ //1s請求10次 {"Endpoint": "*","Period": "1s","Limit": 10}, //15分鐘請求200次 {"Endpoint": "*","Period": "15m","Limit": 200} ] }, { //ip支持設置多個 "Ip": "192.168.3.22/25", "Rules": [ //1秒請求5次 {"Endpoint": "*","Period": "1s","Limit": 5}, //15分鐘請求150次 {"Endpoint": "*","Period": "15m","Limit": 150}, //12小時請求500次 {"Endpoint": "*","Period": "12h","Limit": 500} ] } ] }
- 基於客戶端ID速率限制
一、修改Startup文件:
public void ConfigureServices(IServiceCollection services) { //須要從加載配置文件appsettings.json services.AddOptions(); //須要存儲速率限制計算器和ip規則 services.AddMemoryCache(); //從appsettings.json中加載常規配置 services.Configure<ClientRateLimitOptions>(Configuration.GetSection("IPRateLimiting")); //從appsettings.json中加載客戶端規則 services.Configure<ClientRateLimitPolicies>(Configuration.GetSection("ClientRateLimitPolicies")); //注入計數器和規則存儲 services.AddSingleton<IClientPolicyStore, MemoryCacheClientPolicyStore>(); services.AddSingleton<IRateLimitCounterStore, MemoryCacheRateLimitCounterStore>(); services.AddControllers(); // https://github.com/aspnet/Hosting/issues/793 // the IHttpContextAccessor service is not registered by default. //注入計數器和規則存儲 services.AddSingleton<IHttpContextAccessor, HttpContextAccessor>(); //配置(解析器、計數器密鑰生成器) services.AddSingleton<IRateLimitConfiguration, RateLimitConfiguration>(); } public void Configure(IApplicationBuilder app, IHostingEnvironment env) { //啓用客戶端限制 app.UseClientRateLimiting(); app.UseMvc(); }
二、通用配置採用IP限制相同配置,添加客戶端限制配置:
//客戶端限制設置 "ClientRateLimitPolicies": { "ClientRules": [ { //客戶端id "ClientId": "client-id-1", "Rules": [ {"Endpoint": "*","Period": "1s","Limit": 10}, {"Endpoint": "*","Period": "15m","Limit": 200} ] }, { "ClientId": "client-id-2", "Rules": [ {"Endpoint": "*","Period": "1s","Limit": 5}, {"Endpoint": "*","Period": "15m","Limit": 150}, {"Endpoint": "*","Period": "12h","Limit": 500} ] } ] }
三、調用結果:
設置規則:1s只能調用一次:首次調用
調用第二次:自定義返回內容
3、其餘
- 運行時更新速率限制
添加IpRateLimitController控制器:
/// <summary> /// IP限制控制器 /// </summary> [Route("api/[controller]")] [ApiController] public class IpRateLimitController : ControllerBase { private readonly IpRateLimitOptions _options; private readonly IIpPolicyStore _ipPolicyStore; /// <summary> /// /// </summary> /// <param name="optionsAccessor"></param> /// <param name="ipPolicyStore"></param> public IpRateLimitController(IOptions<IpRateLimitOptions> optionsAccessor, IIpPolicyStore ipPolicyStore) { _options = optionsAccessor.Value; _ipPolicyStore = ipPolicyStore; } /// <summary> /// 獲取限制規則 /// </summary> /// <returns></returns> [HttpGet] public async Task<IpRateLimitPolicies> Get() { return await _ipPolicyStore.GetAsync(_options.IpPolicyPrefix); } /// <summary> /// /// </summary> [HttpPost] public async Task Post(IpRateLimitPolicy ipRate) { var pol = await _ipPolicyStore.GetAsync(_options.IpPolicyPrefix); if (ipRate != null) { pol.IpRules.Add(ipRate); await _ipPolicyStore.SetAsync(_options.IpPolicyPrefix, pol); } } }
- 分佈式部署時,須要將速率限制計算器和ip規則存儲到分佈式緩存中如Redis
- 修改注入對象
// inject counter and rules distributed cache stores services.AddSingleton<IClientPolicyStore, DistributedCacheClientPolicyStore>(); services.AddSingleton<IRateLimitCounterStore,DistributedCacheRateLimitCounterStore>();
-
- 添加Nuget包 Microsoft.Extensions.Caching.StackExchangeRedis
- 在Startup中設置Redis鏈接
services.AddStackExchangeRedisCache(options => { options.ConfigurationOptions = new ConfigurationOptions { //silently retry in the background if the Redis connection is temporarily down AbortOnConnectFail = false }; options.Configuration = "localhost:6379"; options.InstanceName = "AspNetRateLimit"; });
- 限制時自定義相應結果:
//請求返回 "QuotaExceededResponse": { "Content": "{{\"code\":429,\"msg\":\"Visit too frequently, please try again later\",\"data\":null}}", "ContentType": "application/json;utf-8", "StatusCode": 429 },
調用時返回結果:
其餘:
示例代碼:https://github.com/cwsheng/WebAPIVersionDemo
相關文章
- 1. .Net Core結合AspNetCoreRateLimit實現限流
- 2. ASP.NET Core WebApi AspNetCoreRateLimit 限流中間件簡單使用
- 3. asp.net core mvc權限控制:權限控制介紹
- 4. asp.net core mvc權限控制:在視圖中控制操做權限
- 5. asp.netcore web api訪問限制AspNetCoreRateLimit
- 6. asp.net core mvc權限控制:分配權限
- 7. ASP.NET Core MVC (2)控制器
- 8. ASP.NET Core WebApi版本控制
- 9. ASP.NET Core 3.x 併發限制
- 10. ASP.Net Core 3.X併發限制簡介
- 更多相關文章...
- • Lua 流程控制 - Lua 教程
- • ASP.NET MVC - 控制器 - ASP.NET 教程
- • Docker容器實戰(六) - 容器的隔離與限制
- • 漫談MySQL的鎖機制
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
相關文章
- 1. .Net Core結合AspNetCoreRateLimit實現限流
- 2. ASP.NET Core WebApi AspNetCoreRateLimit 限流中間件簡單使用
- 3. asp.net core mvc權限控制:權限控制介紹
- 4. asp.net core mvc權限控制:在視圖中控制操做權限
- 5. asp.netcore web api訪問限制AspNetCoreRateLimit
- 6. asp.net core mvc權限控制:分配權限
- 7. ASP.NET Core MVC (2)控制器
- 8. ASP.NET Core WebApi版本控制
- 9. ASP.NET Core 3.x 併發限制
- 10. ASP.Net Core 3.X併發限制簡介