Skip to content

Hayak3/caddy2_ratelimit

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

35 Commits
.github/workflows
.github/workflows
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
handler.go
handler.go
 
 
ratelimit.go
ratelimit.go
 
 

Repository files navigation

Caddy HTTP Rate Limit Module(This is a fork of https://github.com/mholt/caddy-ratelimit)

Thanks to mholt.

This module implements both internal and distributed HTTP rate limiting. Requests can be rejected after a specified rate limit is hit.

Features

  • Multiple rate limit zones
  • IP white list and black list,support cidr
  • RL state persisted through config reloads or restart with redis
  • Distributed rate limiting across a cluster
  • disallow access from some country with geoip

PLANNED:

  • other storage support
  • api for unblock banned ip
  • choice for ratelimit algorithm

Building

To build Caddy with this module, use xcaddy:

$ xcaddy build --with github.com/hayak3/caddy-ratelimit

Distributed rate limiting

We storage the ratelimit status and ip blocked in redis,you can only manually unblock in redis,here is an example. just delete the key "/r/{zonename}/{ip}" in redis

Syntax

This is an HTTP handler module, so it can be used wherever http.handlers modules are accepted.

JSON config

{
	"handler": "rate_limit",
	"rate_limits": {
		"<name>": {
			"match": [],
			"key": "",
			"window": "",
			"max_events": 0
		},
		"distributed": {
			"write_interval": "",
			"read_interval": ""
		},
		"rules": [
			{
				"action": true,
				"cidr": ["192.168.0.0/24"]
			},
			{
				"action": true,
				"city": ["杭州"],
				"country": ["CN"]
			}
		],
		"geoip": "the geoip file"
	}
}

CaddyFile example

http://example.com {
	rate_limit {
		zone static_example {
			max_events 100
			window 1m
		}
		zone dynamic_example {
			max_events 2
			window 5s
		}
		redis {
			addr 127.0.0.1:6379
			password ""
			db 0
		}
		rule {
			{
				action allow
				cidr "192.168.0.1/32" "192.168.0.0/24"
				city "Paris" "London"
			}
			{
				action deny
				cidr "192.168.1.1/32" "192.168.5.0/24"
				city "Paris" "London"
			}
		}
		geoip ./geoip/GeoLite2-City.mmdb
		relocation example.com
	}
	reverse_proxy * http://127.0.0.1:8080 {
		header_up Host {upstream_hostport}
	}
}

JSON example

{
	"apps": {
		"http": {
			"servers": {
				"demo": {
					"listen": [":80"],
					"routes": [
						{
							"handle": [
								{
									"handler": "rate_limit",
									"rate_limits": {
										"static_example": {
											"match": [
												{"method": ["GET"]}
											],
											"key": "static",
											"window": "1m",
											"max_events": 100
										},
										"dynamic_example": {
											"key": "{http.request.remote.host}",
											"window": "5s",
											"max_events": 2
										}
									},
									"rules": [
										{
											"action": true,
											"cidr": ["192.168.0.0/24"]
										},
										{
											"action": true,
											"city": ["杭州"],
											"country": ["CN"]
										}
									],
									"geoip": "./GeoLite2-City.mmdb"
								},
								{
									"handler": "static_response",
									"body": "I'm behind the rate limiter!"
								}
							]
						}
					]
				}
			}
		}
	}
}

About

A distributed ratelimit for caddy2

Resources

Readme

License

Apache-2.0 license
Activity

Stars

6 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases 1

v0.1.0 Latest
Jun 17, 2023

Packages

No packages published

Contributors 6

Languages