✅ Rate limiting no worky
Got rate limiting all set up:
and registered
got rate limiting set on an endpoint:
and yet I can spam it ad infinitum and rate limiting never triggers. What gives?
28 Replies
did you exclude using the
EnableRateLimiting
attribute?That's for controllers, IIRC, not for minimal APIs, which is what Immediate.Apis is based on
yeh i was looking at the second part of the code, seeing a bunch of
static
s and going wtf for a minuteUnknown User•4mo ago
Message Not Public
Sign In & Join Server To View
they have
PermitLimit = 3
Unknown User•4mo ago
Message Not Public
Sign In & Join Server To View
ah
Unknown User•4mo ago
Message Not Public
Sign In & Join Server To View
:KEKW:
Seems like, what, the code doesn't even run?
Unknown User•4mo ago
Message Not Public
Sign In & Join Server To View
I did
Unknown User•4mo ago
Message Not Public
Sign In & Join Server To View
Worth a shot ig
Unknown User•4mo ago
Message Not Public
Sign In & Join Server To View
The breakpoint in this extension method itself does get hit, so at least I can tell I'm calling it correctly
Unknown User•4mo ago
Message Not Public
Sign In & Join Server To View
All small ones get hit
Unknown User•4mo ago
Message Not Public
Sign In & Join Server To View
All of those are hit, in order
Unknown User•4mo ago
Message Not Public
Sign In & Join Server To View
Curiously, the
FixedWindowRateLimiterOptions
I have does not have a constructor
Did you check it in 9.0 source?
I'm on 8.0
I'll set permit limit explicitly and see
Nope, even setting it explicitly to 1 still allows me to spam that endpointQueue limit "must" be set as well, it seems:
No cigar
I set every option explicitly and it still doesn't work
huh
ah
Middleware order
I had
app.UseRateLimite()
near the beginning of the middleware stack
Moved it right in front of .UseEndpoints()
That did the trick
Too bad it returns... drumroll... 503
Instead of 429 as it shouldbut that's an entire other class of errors, it seems weird
Status code is easily fixable at least
But yeah, really seems like this whole middleware is... not all that well made?
"Must be set to >1" and then no validation
Unknown User•4mo ago
Message Not Public
Sign In & Join Server To View
My
UseRouting()
is explicit thankfully
So we're gucci