Wallero.RateLimiting 1.0.0

.NET Standard 2.1

dotnet add package Wallero.RateLimiting --version 1.0.0

NuGet\Install-Package Wallero.RateLimiting -Version 1.0.0

This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="Wallero.RateLimiting" Version="1.0.0" />

For projects that support PackageReference, copy this XML node into the project file to reference the package.

<PackageVersion Include="Wallero.RateLimiting" Version="1.0.0" />
                    

                            Directory.Packages.props

<PackageReference Include="Wallero.RateLimiting" />
                    

                            Project file

For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.

paket add Wallero.RateLimiting --version 1.0.0

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

#r "nuget: Wallero.RateLimiting, 1.0.0"

#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

#:package Wallero.RateLimiting@1.0.0

#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.

#addin nuget:?package=Wallero.RateLimiting&version=1.0.0
                    

                            Install as a Cake Addin

#tool nuget:?package=Wallero.RateLimiting&version=1.0.0
                    

                            Install as a Cake Tool

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

Wallero.RateLimiting

Copyright

A production-ready, flexible IP and route-based rate-limiting middleware package for Wallero Technologies applications, providing robust throttling with license validation and configuration from appsettings.json.

Installation

Install the package via NuGet:

dotnet add package Wallero.RateLimiting --version 1.0.0

Configuration

Configure settings in your appsettings.json and appsettings.Development.json:

appsettings.json

{
  "WalleroConfiguration": {
    "LicenseKey": "Wallero-License-2025-Secure"
  },
  "RateLimitingSettings": {
    "SpecificPaths": [
      "/Authentication/SignIn",
      "/Authentication/SignUp"
    ],
    "GeneralControllerPaths": [
      "/User"
    ],
    "MinuteLimit": 20,
    "MinutePeriod": 1,
    "HourLimit": 200,
    "HourPeriod": 1,
    "SpecificLimit": 100,
    "SpecificMinutesPeriod": 5,
    "GeneralLimit": 150,
    "GeneralMinutesPeriod": 5,
    "ApiCallTime": 5
  }
}

appsettings.Development.json

{
  "RateLimitingSettings": {
    "SpecificPaths": [
      "/Authentication/SignIn",
      "/Authentication/SignUp"
    ],
    "GeneralControllerPaths": [
      "/User"
    ],
    "MinuteLimit": 100,
    "MinutePeriod": 5,
    "HourLimit": 10000,
    "HourPeriod": 1,
    "SpecificLimit": 5000,
    "SpecificMinutesPeriod": 5,
    "GeneralLimit": 5000,
    "GeneralMinutesPeriod": 5,
    "ApiCallTime": 5
  }
}

Setup

Add to your `Program.cs`:

using Wallero.RateLimiting.Extensions;

var builder = WebApplication.CreateBuilder(args);

// Add controllers
builder.Services.AddControllers();
builder.Services.AddHttpContextAccessor();

// Add Wallero Rate Limiting
builder.Services.AddWalleroRateLimiting(builder.Configuration);

var app = builder.Build();

// Use rate limiting middleware (before authentication)
app.UseWalleroRateLimiting();

app.UseAuthentication();
app.UseAuthorization();
app.MapControllers();

app.Run();

Rate Limiting Types

The middleware applies different rate limiting strategies based on request paths:

1. Specific Path Rate Limiting

Paths listed in SpecificPaths have both minute and hour-based limits:

Minute Limit: Max requests per minute period
Hour Limit: Max requests per hour period

2. Controller-Based Rate Limiting

Paths starting with any path in GeneralControllerPaths are rate limited per controller:

Specific Limit: Max requests per controller within the specified period

3. General Rate Limiting

All other paths fall under general rate limiting:

General Limit: Max requests per path within the specified period

4. API Call Time Monitoring

Monitors API response times and logs warnings for slow endpoints exceeding ApiCallTime threshold.

Configuration Parameters

Parameter	Description	Default
`SpecificPaths`	Array of paths with minute/hour limits	`[]`
`GeneralControllerPaths`	Array of controller base paths	`[]`
`MinuteLimit`	Max requests per minute for specific paths	`20`
`MinutePeriod`	Minute period duration	`1`
`HourLimit`	Max requests per hour for specific paths	`200`
`HourPeriod`	Hour period duration	`1`
`SpecificLimit`	Max requests for controller paths	`100`
`SpecificMinutesPeriod`	Period for controller limits (minutes)	`5`
`GeneralLimit`	Max requests for general paths	`150`
`GeneralMinutesPeriod`	Period for general limits (minutes)	`5`
`ApiCallTime`	Max API call time threshold (seconds)	`5`

Usage

Basic Usage

Once configured, the middleware automatically applies rate limiting to all incoming requests based on:

Client IP address
Request path
Configured limits

Testing Rate Limits

Create a test controller to validate rate limiting:

[ApiController]
public class RateLimitTestController : ControllerBase
{
    [HttpGet("/Authentication/SignIn")]
    public IActionResult TestSignIn()
    {
        return Ok("SignIn endpoint reached");
    }

    [HttpGet("/User/Dashboard")]
    public IActionResult TestUserDashboard()
    {
        return Ok("User Dashboard reached");
    }

    [HttpGet("/General/Test")]
    public IActionResult TestGeneral()
    {
        return Ok("General endpoint reached");
    }
}

Response Format

When rate limits are exceeded, the middleware returns HTTP 429 with JSON response:

{
  "StatusCode": 429,
  "IsSuccess": false,
  "Error": "You have exceeded the allowed attempts. Please try again later."
}

Features

Multi-Level Rate Limiting: Specific paths, controller-based, and general rate limiting
IP-Based Tracking: Prevents abuse from individual IP addresses
Wallero License Integration: Secure license validation using shared WalleroConfiguration
Configurable Settings: All limits managed through appsettings.json
Development vs Production: Different rate limits for development and production environments
Memory Management: Automatic cleanup of expired request counters every 5 minutes
Performance Monitoring: Logs warnings for API calls exceeding time thresholds
Thread-Safe: Uses ConcurrentDictionary for safe concurrent access
Flexible Configuration: Override settings via action delegate in service registration

Environment Behavior

Development: Higher limits for easier testing and development
Production: Stricter limits for security and resource protection
Automatic Cleanup: Expired rate limit entries are cleaned up every 5 minutes

License

This project is licensed under the MIT License and requires a valid Wallero license key.

Contact

For support, contact Wallero Technologies at support@wallero.com

Product	Compatible and additional computed target framework versions.
.NET	net5.0 was computed. net5.0-windows was computed. net6.0 was computed. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. net9.0 was computed. net9.0-android was computed. net9.0-browser was computed. net9.0-ios was computed. net9.0-maccatalyst was computed. net9.0-macos was computed. net9.0-tvos was computed. net9.0-windows was computed. net10.0 was computed. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed.
.NET Core	netcoreapp3.0 was computed. netcoreapp3.1 was computed.
.NET Standard	netstandard2.1 is compatible.
MonoAndroid	monoandroid was computed.
MonoMac	monomac was computed.
MonoTouch	monotouch was computed.
Tizen	tizen60 was computed.
Xamarin.iOS	xamarinios was computed.
Xamarin.Mac	xamarinmac was computed.
Xamarin.TVOS	xamarintvos was computed.
Xamarin.WatchOS	xamarinwatchos was computed.

Compatible target framework(s)

Included target framework(s) (in package)

Learn more about Target Frameworks and .NET Standard.

.NETStandard 2.1
- Microsoft.AspNetCore.Http.Abstractions (>= 2.2.0)
- Microsoft.Extensions.Configuration.Abstractions (>= 8.0.0)
- Microsoft.Extensions.DependencyInjection.Abstractions (>= 8.0.0)
- Microsoft.Extensions.Logging.Abstractions (>= 8.0.0)
- Microsoft.Extensions.Options (>= 8.0.0)
- Microsoft.Extensions.Options.ConfigurationExtensions (>= 8.0.0)
- System.Text.Json (>= 9.0.0)
- Wallero.Security (>= 1.0.2)

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version	Downloads	Last Updated
1.0.0	80	8/15/2025

Initial release targeting netstandard2.1 with Microsoft.Extensions 8.x dependencies.