How to prevent rate limit reset after changing `X-Real-IP` in the request

I am using the AspNetCoreRateLimit package, and the rate limit is enforced on every request, but when X-Real-IP is changed in the request, the rate limit resets.

This is part of my code:

"IpRateLimiting": {
    "EnableEndpointRateLimiting": true,
    "StackBlockedRequests": false,
    "RealIpHeader": "X-Real-IP",
    "ClientIdHeader": "X-ClientId",
    "HttpStatusCode": 429,
    "IpWhitelist": [ "127.0.0.1" ],
    "EndpointWhitelist": [ "*:/assets/*" ],
    "ClientWhitelist": [],
.
.
.
}

How can I prevent this security issue?

Your rules should look like this.

"IpRateLimitPolicies": {
"IpRules": [
  {
    "Ip": "84.247.85.224",
    "Rules": [
      {
        "Endpoint": "*",
        "Period": "1s",
        "Limit": 10
      },
      {
        "Endpoint": "*",
        "Period": "15m",
        "Limit": 200
      }
    ]
  },
  {
    "Ip": "192.168.3.22/25",
    "Rules": [
      {
        "Endpoint": "*",
        "Period": "1s",
        "Limit": 5
      },
      {
        "Endpoint": "*",
        "Period": "15m",
        "Limit": 150
      },
      {
        "Endpoint": "*",
        "Period": "12h",
        "Limit": 500
      }
    ]
  }
]
}

For details, read this article.

In the nginx configuration under the path /etc/nginx/sites-enabled, add this line in the location section:

proxy_set_header X-Real-IP $remote_addr;
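
The directive above in the context of a full location block, with the weak form shown commented out beside the corrected one. This is an added example, not part of the original answer; the `server_name` and the upstream address `http://127.0.0.1:5000` are assumptions.

```nginx
# Added example. server_name and the upstream address are placeholders.
server {
    listen 80;
    server_name example.com;                     # placeholder

    # Weak form: no X-Real-IP override.
    # nginx forwards the client's own request headers to the upstream, so a
    # client-chosen X-Real-IP reaches the application. With
    # "RealIpHeader": "X-Real-IP" the limiter counts per header value, and
    # every new value starts a fresh counter.
    #
    # location / {
    #     proxy_pass http://127.0.0.1:5000;
    # }

    # Corrected form: the header is always rewritten from the TCP peer
    # address of the connection, whatever the client sent.
    location / {
        proxy_pass http://127.0.0.1:5000;        # assumed application address

        # proxy_set_header directives are inherited from the enclosing level
        # only when this level defines none. Once a location sets any
        # header, it must set X-Real-IP itself as well.
        proxy_set_header Host      $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
```

The override is only effective when the application port is reachable solely through nginx; a client that can connect to the application directly can still supply its own header. If nginx itself sits behind another proxy or load balancer, `$remote_addr` is that device's address rather than the end client's.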