To avoid such attacks, Microsoft has recently created inbuilt middleware called Rate limiting middleware.Core 7 of the internet. We used the Nuget package “AspNetCoreRateLimit” in the previous version to create Rate Limiting capabilities. Now, in this post, I will discuss Rate limiting middleware in detail, and in the next article, we will build it.
Let us first define rate limitation.
What exactly is rate limiting?
Each server has its unique configuration, such as CPU, RAM, Hard drive, and so on, which defines server capacity to handle requests per the set time (secondminute).
Assume you have a server that can handle 1000 requests per second. What happens if someone launches a DDoS/DoS attack that generates 100,000 requests per second?
Your server will be unable to handle these requests and will become unavailable or crash, correct? In this case, rate limitation will assist us in reducing the number of requests per second.
Rate limits can assist us in limiting the maximum number of requests per second (network traffic) to avoid overloading the server.
Let’s now discuss what attacks can be prevented using Rate Limiting Middleware.
Benefits of the Rate Limiting Middleware
We can prevent our applications from many attacks using Rate Limiting Middleware.
Below are a few important attacks that can be prevented,
- DoS attack – please see this article to understand.
- DDoS attack – Please see this article to get a better understanding.
- Brute force attack – it is a trial-and-error method used to decode sensitive data
- Data scraping attacks – This is the process of using an application to extract valuable information from a website.
- Enumeration attacks – It is a technique to attempt to iterate to get secure data.
We can get the below benefits after preventing the above listed attacks,
- It will increase the security of the application.
- It will provide stability and reliability to your application.
- Performance will increase as we have limited the number of requests.
- It will increase the availability of your application as we can block malicious users.
Types of Rate Limiters
“RateLimiterOptionsExtensions” class provides extension methods to offer the below Rate Limiters. This class belongs to the “Microsoft.AspNetCore.RateLimiting” namespace.
The number of requests to be allowed in a given time is fixed. Microsoft has divided all these types on time and requests,
- Fixed Window
- Sliding Window
- Token Bucket Limit
The concurrency limiter limits how many concurrent requests can access the resources of the server.
Let’s see the below example,
Suppose your Concurrency limiter limit is 100. Then 100 concurrent requests can be processed, and allow request would be 0. If you got request 101, it will not be allowed to process.
If 1st request will be completed, then allow requests will be 1. If 2nd request is completed, then allow request would be 2, and so on.
Fixed window Limit
It is a Fixed window; I mean number of requests and time is fixed.
Let’s discuss this more precisely,
Suppose “120 requests per minute”, Fix the window limiter applied. In this case
- only 120 requests can be processed in a minute.
- There can be 120 concurrent requests or 2 requests per second
Any combination of requests can be done in a given time.
Sliding window Limit
Sliding window limit is like Fix window limiter but uses segments for more fine-grained limits.
E.g., the sliding window limit is 120 requests per minute but with 2 requests per second.
Token bucket limit
Token bucket limit controls flow rate and allows for break out.
The token bucket algorithm ensures that a fixed number of tokens are added to the bucket after each replenishment period. Each request consumes a token from the bucket, and if the bucket is empty, the request is rejected.
Suppose we have given 120 requests per minute. If you make all requests in 20 seconds, then you need to wait for 40 seconds, which means it takes complete 1 minute to make more requests.
We have discussed Rate Limiting middleware and all its types available in the .Net Core 7 in this article. I will implement the same concept in the upcoming article in detail. Hope you enjoyed this article and find it useful.
Best ASP.NET Core Hosting
The feature and reliability are the most important things when choosing a good ASP.NET Core hosting. HostForLIFE is the leading provider of Windows hosting and affordable ASP.NET Core , their servers are optimized for PHP web applications such as the latest ASP.NET Core version. The performance and the uptime of the ASP.NET Core hosting service are excellent, and the features of the web hosting plan are even greater than what many hosting providers ask you to pay for. At HostForLIFEASP.NET, customers can also experience fast ASP.NET Core hosting. The company invested a lot of money to ensure the best and fastest performance of the datacenters, servers, network and other facilities. Its data centers are equipped with top equipment like cooling system, fire detection, high-speed Internet connection, and so on. That is why HostForLIFEASP.NET guarantees 99.9% uptime for ASP.NET Core . And the engineers do regular maintenance and monitoring works to assure its ASP.NET Core hosting are security and always up.