private ThrottleLogEntry ComputeLogEntry(string requestId, RequestIdentity identity, ThrottleCounter throttleCounter, string rateLimitPeriod, long rateLimit, HttpRequestBase request)
{
return(new ThrottleLogEntry
{
ClientIp = identity.ClientIp,
ClientKey = identity.ClientKey,
Endpoint = identity.Endpoint,
LogDate = DateTime.UtcNow,
RateLimit = rateLimit,
RateLimitPeriod = rateLimitPeriod,
RequestId = requestId,
StartPeriod = throttleCounter.Timestamp,
TotalRequests = throttleCounter.TotalRequests,
Request = request
});
}
protected virtual RequestIdentity SetIdentity(HttpRequestBase request)
{
var entry = new RequestIdentity();
entry.ClientIp = IpAddressParser.GetClientIp(request).ToString();
entry.ClientKey = request.IsAuthenticated ? "auth" : "anon";
var rd = request.RequestContext.RouteData;
string currentAction = rd.GetRequiredString("action");
string currentController = rd.GetRequiredString("controller");
switch (Policy.EndpointType)
{
case EndpointThrottlingType.AbsolutePath:
entry.Endpoint = request.Url.AbsolutePath;
break;
case EndpointThrottlingType.PathAndQuery:
entry.Endpoint = request.Url.PathAndQuery;
break;
case EndpointThrottlingType.ControllerAndAction:
entry.Endpoint = currentController + "/" + currentAction;
break;
case EndpointThrottlingType.Controller:
entry.Endpoint = currentController;
break;
default:
break;
}
//case insensitive routes
entry.Endpoint = entry.Endpoint.ToLowerInvariant();
entry.UserAgent = request.UserAgent;
return(entry);
}
private bool IsWhitelisted(RequestIdentity requestIdentity)
{
if (Policy.IpThrottling)
{
if (Policy.IpWhitelist != null && IpAddressParser.ContainsIp(Policy.IpWhitelist, requestIdentity.ClientIp))
{
return(true);
}
}
if (Policy.ClientThrottling)
{
if (Policy.ClientWhitelist != null && Policy.ClientWhitelist.Contains(requestIdentity.ClientKey))
{
return(true);
}
}
if (Policy.EndpointThrottling)
{
if (Policy.EndpointWhitelist != null &&
Policy.EndpointWhitelist.Any(x => requestIdentity.Endpoint.IndexOf(x, 0, StringComparison.InvariantCultureIgnoreCase) != -1))
{
return(true);
}
}
if (Policy.UserAgentThrottling && requestIdentity.UserAgent != null)
{
if (Policy.UserAgentWhitelist != null &&
Policy.UserAgentWhitelist.Any(x => requestIdentity.UserAgent.IndexOf(x, 0, StringComparison.InvariantCultureIgnoreCase) != -1))
{
return(true);
}
}
return(false);
}
private ThrottleCounter ProcessRequest(RequestIdentity requestIdentity, TimeSpan timeSpan, RateLimitPeriod period, out string id)
{
var throttleCounter = new ThrottleCounter()
{
Timestamp = DateTime.UtcNow,
TotalRequests = 1
};
id = ComputeThrottleKey(requestIdentity, period);
//serial reads and writes
lock (_processLocker)
{
var entry = Repository.FirstOrDefault(id);
if (entry.HasValue)
{
//entry has not expired
if (entry.Value.Timestamp + timeSpan >= DateTime.UtcNow)
{
//increment request count
var totalRequests = entry.Value.TotalRequests + 1;
//deep copy
throttleCounter = new ThrottleCounter
{
Timestamp = entry.Value.Timestamp,
TotalRequests = totalRequests
};
}
}
//stores: id (string) - timestamp (datetime) - total (long)
Repository.Save(id, throttleCounter, timeSpan);
}
return(throttleCounter);
}
protected virtual string ComputeThrottleKey(RequestIdentity requestIdentity, RateLimitPeriod period)
{
var keyValues = new List <string>()
{
"throttle"
};
if (Policy.IpThrottling)
{
keyValues.Add(requestIdentity.ClientIp);
}
if (Policy.ClientThrottling)
{
keyValues.Add(requestIdentity.ClientKey);
}
if (Policy.EndpointThrottling)
{
keyValues.Add(requestIdentity.Endpoint);
}
if (Policy.UserAgentThrottling)
{
keyValues.Add(requestIdentity.UserAgent);
}
keyValues.Add(period.ToString());
var id = string.Join("_", keyValues);
var idBytes = Encoding.UTF8.GetBytes(id);
var hashBytes = new System.Security.Cryptography.SHA1Managed().ComputeHash(idBytes);
var hex = BitConverter.ToString(hashBytes).Replace("-", "");
return(hex);
}
private bool IsWhitelisted(RequestIdentity requestIdentity)
{
if (Policy.IpThrottling)
if (Policy.IpWhitelist != null && ContainsIp(Policy.IpWhitelist, requestIdentity.ClientIp))
return true;
if (Policy.ClientThrottling)
if (Policy.ClientWhitelist != null && Policy.ClientWhitelist.Contains(requestIdentity.ClientKey))
return true;
if (Policy.EndpointThrottling)
if (Policy.EndpointWhitelist != null && Policy.EndpointWhitelist.Any(x => requestIdentity.Endpoint.Contains(x.ToLowerInvariant())))
return true;
return false;
}
private ThrottleCounter ProcessRequest(RequestIdentity requestIdentity, TimeSpan timeSpan, RateLimitPeriod period, out string id)
{
var throttleCounter = new ThrottleCounter()
{
Timestamp = DateTime.UtcNow,
TotalRequests = 1
};
id = ComputeThrottleKey(requestIdentity, period);
//serial reads and writes
lock (_processLocker)
{
var entry = Repository.FirstOrDefault(id);
if (entry.HasValue)
{
//entry has not expired
if (entry.Value.Timestamp + timeSpan >= DateTime.UtcNow)
{
//increment request count
var totalRequests = entry.Value.TotalRequests + 1;
//deep copy
throttleCounter = new ThrottleCounter
{
Timestamp = entry.Value.Timestamp,
TotalRequests = totalRequests
};
}
}
//stores: id (string) - timestamp (datetime) - total (long)
Repository.Save(id, throttleCounter, timeSpan);
}
return throttleCounter;
}
private ThrottleLogEntry ComputeLogEntry(string requestId, RequestIdentity identity, ThrottleCounter throttleCounter, string rateLimitPeriod, long rateLimit, HttpRequestBase request)
{
return new ThrottleLogEntry
{
ClientIp = identity.ClientIp,
ClientKey = identity.ClientKey,
Endpoint = identity.Endpoint,
LogDate = DateTime.UtcNow,
RateLimit = rateLimit,
RateLimitPeriod = rateLimitPeriod,
RequestId = requestId,
StartPeriod = throttleCounter.Timestamp,
TotalRequests = throttleCounter.TotalRequests,
Request = request
};
}
protected virtual RequestIdentity SetIndentity(HttpRequestBase request)
{
var entry = new RequestIdentity();
entry.ClientIp = GetClientIp(request).ToString();
entry.ClientKey = request.IsAuthenticated ? "auth" : "anon";
var rd = request.RequestContext.RouteData;
string currentAction = rd.GetRequiredString("action");
string currentController = rd.GetRequiredString("controller");
switch (Policy.EndpointType)
{
case EndpointThrottlingType.AbsolutePath:
entry.Endpoint = request.Url.AbsolutePath;
break;
case EndpointThrottlingType.PathAndQuery:
entry.Endpoint = request.Url.PathAndQuery;
break;
case EndpointThrottlingType.ControllerAndAction:
entry.Endpoint = currentController + "/" + currentAction;
break;
case EndpointThrottlingType.Controller:
entry.Endpoint = currentController;
break;
default:
break;
}
//case insensitive routes
entry.Endpoint = entry.Endpoint.ToLowerInvariant();
return entry;
}
protected virtual string ComputeThrottleKey(RequestIdentity requestIdentity, RateLimitPeriod period)
{
var keyValues = new List<string>()
{
"throttle"
};
if (Policy.IpThrottling)
keyValues.Add(requestIdentity.ClientIp);
if (Policy.ClientThrottling)
keyValues.Add(requestIdentity.ClientKey);
if (Policy.EndpointThrottling)
keyValues.Add(requestIdentity.Endpoint);
keyValues.Add(period.ToString());
var id = string.Join("_", keyValues);
var idBytes = Encoding.UTF8.GetBytes(id);
var hashBytes = new System.Security.Cryptography.SHA1Managed().ComputeHash(idBytes);
var hex = BitConverter.ToString(hashBytes).Replace("-", "");
return hex;
}
//the IP rules are applied last and will overwrite any client rule you might defined
internal void ApplyRules(RequestIdentity identity, TimeSpan timeSpan, RateLimitPeriod rateLimitPeriod, ref long rateLimit)
{
// apply endpoint rate limits
if (Policy.EndpointRules != null)
{
var rules = Policy.EndpointRules.Where(x => identity.Endpoint.Contains(x.Key.ToLowerInvariant())).ToList();
if (rules.Any())
{
// get the lower limit from all applying rules
var customRate = (from r in rules let rateValue = r.Value.GetLimit(rateLimitPeriod) select rateValue).Min();
if (customRate > 0)
{
rateLimit = customRate;
}
}
}
// apply custom rate limit for clients that will override endpoint limits
if (Policy.ClientRules != null && Policy.ClientRules.Keys.Contains(identity.ClientKey))
{
var limit = Policy.ClientRules[identity.ClientKey].GetLimit(rateLimitPeriod);
if (limit > 0)
{
rateLimit = limit;
}
}
// enforce ip rate limit as is most specific
string ipRule = null;
if (Policy.IpRules != null && ContainsIp(Policy.IpRules.Keys.ToList(), identity.ClientIp, out ipRule))
{
var limit = Policy.IpRules[ipRule].GetLimit(rateLimitPeriod);
if (limit > 0)
{
rateLimit = limit;
}
}
}
private bool IsWhitelisted(RequestIdentity requestIdentity)
{
if (Policy.IpThrottling)
if (Policy.IpWhitelist != null && IpAddressParser.ContainsIp(Policy.IpWhitelist, requestIdentity.ClientIp))
return true;
if (Policy.ClientThrottling)
if (Policy.ClientWhitelist != null && Policy.ClientWhitelist.Contains(requestIdentity.ClientKey))
return true;
if (Policy.EndpointThrottling)
if (Policy.EndpointWhitelist != null &&
Policy.EndpointWhitelist.Any(x => requestIdentity.Endpoint.IndexOf(x, 0, StringComparison.InvariantCultureIgnoreCase) != -1))
return true;
if (Policy.UserAgentThrottling)
if (Policy.UserAgentWhitelist != null &&
Policy.UserAgentWhitelist.Any(x => requestIdentity.UserAgent.IndexOf(x, 0, StringComparison.InvariantCultureIgnoreCase) != -1))
return true;
return false;
}
