README
¶
caddy-rate-limit
a
rate limitplugin for caddy
Only support Caddy v1 currently
Syntax
Excessive requests will be terminated with an error 429 (Too Many Requests)! And X-RateLimit-RetryAfter header will be returned.
For single resource:
ratelimit methods path rate burst unit
-
methodsare the request methods it will match (comma separately) -
pathis the file or directory to applyrate limit -
rateis the limited request in every time unit (r/s, r/m, r/h, r/d, r/w) (e.g. 1) -
burstis the maximum burst size client can exceed; burst >= rate (e.g. 2) -
unitis the time interval (currently support:second,minute,hour,day,week)
For multiple resources:
ratelimit methods rate burst unit {
whitelist CIDR,CIDR
limit_by_header xxx
status xxx,xxx
resources
}
whitelistis the keyword for whitelist your trusted ips (comma separately). CIDR is the IP range you don't want to performrate limit.whitelistis a general rule, it won't target for specific resource.limit_by_headeris the keyword for matching the request header. Likewhitelist, it's also a general rule. Note: normally you shouldn't apply this rule unless the defaultlimit by ipis not what you want and you want tolimit by request header(e.g.Authorization).statusis the keyword for matching the response status code (comma separately). If this rule is triggered, all subsequent requests from that client will be blocked regardless of which status code is returned or which resource is requested. Note: this won't block resources not defined inratelimit's config.resourcesis a list of files/directories to applyrate limit, one per line
Note: If you don't want to apply rate limit on some special resources, add ^ in front of the path.
Examples
Limit clients to 2 requests per second (bursts of 3) to any methods and any resources under /r:
ratelimit * /r 2 3 second
Don't perform rate limit if requests come from 1.2.3.4 or 192.168.1.0/30(192.168.1.0 ~ 192.168.1.3), for the listed paths, limit clients to 2 requests per minute (bursts of 2) if the request method is GET or POST and always ignore /dist/app.js:
ratelimit get,post 2 2 minute {
whitelist 1.2.3.4/32,192.168.1.0/30
status *
/foo.html
/api
^/dist/app.js
}
Download
curl https://getcaddy.com | bash -s personal http.ratelimit
Docker
docker run -d -p 2016:2016 -v `pwd`/Caddyfile:/Caddyfile -v `pwd`/test_site:/test_site --name ratelimit xuqingfeng/caddy-rate-limit
Inspired by
http://nginx.org/en/docs/http/ngx_http_limit_req_module.html
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetRemoteIP ¶
GetRemoteIP returns the ip of requester Doesn't care if the ip is real or not
func IsWhitelistIPAddress ¶ added in v1.3.0
IsWhitelistIPAddress check whether an ip is in whitelist
func MatchMethod ¶ added in v1.3.0
MatchMethod check whether the request method is in the methods list
func MatchStatus ¶ added in v1.5.0
MatchStatus check whether the upstream response status code is in the status list
Types ¶
type CaddyLimiter ¶
func NewCaddyLimiter ¶
func NewCaddyLimiter() *CaddyLimiter
func (*CaddyLimiter) Allow ¶
func (cl *CaddyLimiter) Allow(keys []string, rule Rule) bool
Allow is just a shortcut for AllowN
func (*CaddyLimiter) AllowN ¶
func (cl *CaddyLimiter) AllowN(keys []string, rule Rule, n int) bool
AllowN check if n count are allowed for a specific key
func (*CaddyLimiter) CheckKeyExists ¶ added in v1.6.6
func (cl *CaddyLimiter) CheckKeyExists(k string) bool
CheckKeyExists is used to check if a key exists in map
func (*CaddyLimiter) Reserve ¶ added in v1.5.0
func (cl *CaddyLimiter) Reserve(keys []string) bool
Reserve will consume 1 token from `token bucket`
func (*CaddyLimiter) RetryAfter ¶
func (cl *CaddyLimiter) RetryAfter(keys []string) time.Duration
RetryAfter return a helper message for client
type RateLimit ¶
type RateLimit struct {
Next httpserver.Handler
Rules []Rule
}
RateLimit is an http.Handler that can limit request rate to specific paths or files
Source Files