Rate limiting controls client request frequency, protecting web applications from overload and abuse. It helps maintain stability, security, and performance by preventing DDoS attacks and traffic spikes, ensuring fair resource allocation and system reliability.
Nomirun Host has built-in ASP.NET native support for rate limiting.
Rate limiting can be configured in the Nomirun Host configuration as seen in the example below:
{
"Nomirun.Host": {
"RateLimiting": {
"Policies": [
{
"Endpoint": "Global",
"Limit": 250,
"PeriodInSeconds": 5
}
]
}
}
}The default Global policy configuration is applied across the whole Nomirun Host. It can be adjusted based on your comapnie’s requirements.
Each policy contains:
Endpoint which is the HTTP endpointLimit represents the request limit defined in the PeriodInSeconds.PeriodInSeconds is the period in seconds in where the number of allowed requests is defined by Limit property.You can add multiple policies that will be automatically registered with Nomirun Host. For example, we can extend the policy to rate limit the /users endpoint separately:
{
"Nomirun.Host": {
"RateLimiting": {
"Policies": [
{
"Endpoint": "Global",
"Limit": 250,
"PeriodInSeconds": 5
},
{
"Endpoint": "/users",
"Limit": 100,
"PeriodInSeconds": 3
}
]
}
}
}If the
RateLimitingis missing from the configuration then the default global configuration is defined withLimit= 250,PeriodInSeconds= 5.
Note that rate limiting counting is a localized value confined to the running Nomirun Host. The rate limitstate is not stored in any distributed cache such as Redis.