Nazeh.RateLimiting 1.0.0

.NET 7.0 This package targets .NET 7.0. The package is compatible with this framework or higher. 
dotnet add package Nazeh.RateLimiting --version 1.0.0
                    


                    

                
NuGet\Install-Package Nazeh.RateLimiting -Version 1.0.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Nazeh.RateLimiting" Version="1.0.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="Nazeh.RateLimiting" Version="1.0.0" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="Nazeh.RateLimiting" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add Nazeh.RateLimiting --version 1.0.0
                    


                    

                
#r "nuget: Nazeh.RateLimiting, 1.0.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package Nazeh.RateLimiting@1.0.0
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=Nazeh.RateLimiting&version=1.0.0
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=Nazeh.RateLimiting&version=1.0.0
                    


                            Install as a Cake Tool

Nazeh.RateLimiting

NuGet License: MIT

A simple, configurable wrapper around ASP.NET Core Rate Limiting with support for multiple policies, IP-based limiting, and easy configuration through appsettings.json.

Features

Easy Configuration - Configure all rate limiting policies through appsettings.json
Multiple Policies - Global, API, Authentication, and IP-based policies
Sliding Window Support - Advanced sliding window algorithm for smoother rate limiting
Proxy-Aware - Automatically detects client IP behind proxies (X-Forwarded-For, X-Real-IP)
Structured Logging - Integrates with ILogger for proper logging
Modern .NET - Supports .NET 7.0, 8.0, 9.0, and 10.0

Installation

Install via NuGet Package Manager:

dotnet add package Nazeh.RateLimiting

Or via Package Manager Console:

Install-Package Nazeh.RateLimiting

Quick Start

1. Configure appsettings.json

Add the RateLimiting section to your appsettings.json:

{
  "RateLimiting": {
    "Enabled": true,
    "GlobalLimit": {
      "PermitLimit": 100,
      "Window": "00:01:00",
      "QueueLimit": 0
    },
    "ApiLimit": {
      "PermitLimit": 20,
      "Window": "00:01:00",
      "QueueLimit": 0
    },
    "AuthenticationLimit": {
      "PermitLimit": 5,
      "Window": "00:01:00",
      "QueueLimit": 0
    },
    "IpLimit": {
      "PermitLimit": 200,
      "Window": "00:01:00",
      "QueueLimit": 0,
      "SegmentSize": 10
    }
  }
}

2. Register Services in Program.cs

Add rate limiting to your application with just two lines:

using Nazeh.RateLimiting;

var builder = WebApplication.CreateBuilder(args);

// 1. Add rate limiting services
builder.Services.AddEasyRateLimiting(builder.Configuration);

var app = builder.Build();

// 2. Use rate limiting middleware
app.UseRateLimiter();

app.MapGet("/", () => "Hello World!"); // Protected by global limit

app.Run();

3. Apply Specific Policies to Endpoints

Use the built-in policies on specific endpoints:

// API endpoint with API rate limit
app.MapGet("/api/data", () => new { message = "API Data" })
   .RequireRateLimiting("api");

// Authentication endpoint with stricter limits
app.MapPost("/auth/login", ([FromBody] LoginRequest request) => 
{
    // Login logic
    return Results.Ok(new { token = "..." });
})
.RequireRateLimiting("authentication");

// IP-based sliding window limit
app.MapGet("/public/data", () => "Public data")
   .RequireRateLimiting("ip");

Configuration Options

RateLimitingOptions

Property Type Description Default
Enabled bool Enable or disable rate limiting globally true
GlobalLimit RateLimitPolicy Global rate limit for all requests 100 req/min
ApiLimit RateLimitPolicy Rate limit for API endpoints 20 req/min
AuthenticationLimit RateLimitPolicy Rate limit for auth endpoints 5 req/min
IpLimit SlidingWindowRateLimitPolicy IP-based sliding window limit 200 req/min

RateLimitPolicy

Property Type Description
PermitLimit int Maximum requests allowed in the time window
Window TimeSpan Time window duration (e.g., "00:01:00" for 1 minute)
QueueLimit int Number of requests that can be queued when limit is reached

SlidingWindowRateLimitPolicy

Extends RateLimitPolicy with:

Property Type Description
SegmentSize int Number of segments per window for sliding calculation

Advanced Usage

Custom Configuration Section

Use a different configuration section name:

builder.Services.AddEasyRateLimiting(builder.Configuration, "MyCustomRateLimiting");

Environment-Specific Configuration

Override settings in appsettings.Development.json:

{
  "RateLimiting": {
    "Enabled": false
  }
}

Behind a Reverse Proxy

The library automatically detects the client IP from:

  • X-Forwarded-For header (takes the first IP)
  • X-Real-IP header
  • RemoteIpAddress (fallback)

Make sure your reverse proxy (nginx, IIS, etc.) is configured to pass these headers.

Response Format

When rate limit is exceeded, the API returns a 429 Too Many Requests response:

{
  "error": "Too many requests",
  "message": "Rate limit exceeded. Please try again later.",
  "retryAfter": 45.5
}

Headers included:

  • Retry-After: Seconds until the rate limit resets

Logging

The library logs rate limit events using ILogger:

[Warning] Rate limit exceeded for IP 192.168.1.100 on endpoint /api/data. Retry after: 30 seconds

Works with any logging provider (Serilog, NLog, Console, etc.).

Examples

Minimal API Example

using Nazeh.RateLimiting;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddEasyRateLimiting(builder.Configuration);

var app = builder.Build();
app.UseRateLimiter();

app.MapGet("/", () => "Hello!"); // Global limit only

app.MapGet("/api/users", () => new[] { "Alice", "Bob" })
   .RequireRateLimiting("api");

app.MapPost("/login", () => Results.Ok())
   .RequireRateLimiting("authentication");

app.Run();

Controller Example

using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.RateLimiting;

[ApiController]
[Route("api/[controller]")]
public class ProductsController : ControllerBase
{
    [HttpGet]
    [EnableRateLimiting("api")]
    public IActionResult GetProducts()
    {
        return Ok(new[] { "Product1", "Product2" });
    }

    [HttpPost]
    [EnableRateLimiting("api")]
    public IActionResult CreateProduct([FromBody] Product product)
    {
        return Created($"/api/products/{product.Id}", product);
    }
}

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

License

This project is licensed under the MIT License - see the LICENSE file for details.

Support

If you encounter any issues or have questions:

Credits

Built with ❤️ by Ahmed Nazeh using ASP.NET Core Rate Limiting.

Product Compatible and additional computed target framework versions.
.NET net7.0 is compatible.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 is compatible.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

  • net10.0

    • No dependencies.

  • net7.0

    • No dependencies.

  • net8.0

    • No dependencies.

  • net9.0

    • No dependencies.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
1.0.0 292 12/16/2025

Initial release v1.0.0 - Easy rate limiting with configurable policies for .NET 7+