Comments (7)
Per the doc of Preflighted requests:
Unlike “simple requests” (discussed above), for "preflighted" requests the browser first sends an HTTP request using the OPTIONS method to the resource on the other origin, in order to determine if the actual request is safe to send.
So if the OPTIONS request is limited, then you will encounter a CORS error. Try to just limit the actual request by using the method matcher.
from caddy-ext.
@swapnil2525kangralkar With the Caddyfile you provided, I got the corresponding config in JSON as below:
{
  "apps": {
    "http": {
      "servers": {
        "srv0": {
          "routes": [
            {
              "handle": [
                {
                  "routes": [
                    {
                      "handle": [
                        {
                          "rate": "50r/m",
                          "handler": "rate_limit",
                          "key": "{remote.ip}"
                        }
                      ]
                    },
                    {
                      "handle": [
                        {
                          "status_code": 200,
                          "handler": "static_response"
                        }
                      ]
                    }
                  ],
                  "handler": "subroute"
                }
              ],
              "match": [
                {
                  "path": [
                    "/v1/graphql"
                  ]
                }
              ]
            },
            {
              "handle": [
                {
                  "handler": "reverse_proxy",
                  "upstreams": [
                    {
                      "dial": "graphql-engine:8080"
                    }
                  ]
                }
              ]
            }
          ],
          "listen": [
            ":8080"
          ]
        }
      }
    }
  }
}
By changing the rate to 5r/m, rate_limit is confirmed to be effective for me:
$ curl -w "%{http_code}" 'http://localhost:8080/v1/graphql'
200
$ curl -w "%{http_code}" 'http://localhost:8080/v1/graphql'
200
$ curl -w "%{http_code}" 'http://localhost:8080/v1/graphql'
200
$ curl -w "%{http_code}" 'http://localhost:8080/v1/graphql'
200
$ curl -w "%{http_code}" 'http://localhost:8080/v1/graphql'
200
$ curl -w "%{http_code}" 'http://localhost:8080/v1/graphql'
429
from caddy-ext.
Thanks @RussellLuo,
Checked - working on curl on my side also.
I will recheck all configs why it is not working on browser.
Might be some other issue.
For now closing, will update if anything related.
from caddy-ext.
I am trying to limit /v1/graphql with ip but I am getting CORS error.
If route /v1 is used no error but api limit does not work.
CORS is a browser-related mechanism, see here for details.
I guess that you have configured CORS headers for upstream graphql-engine:8080, but not for /v1/graphql. Try this Caddyfile instead:
:8080 {
    reverse_proxy graphql-engine:8080
    route /v1/graphql {
        rate_limit {remote.ip} 50r/m
        # CORS headers
        header Access-Control-Allow-Origin *
        header Access-Control-Allow-Methods GET
        header Access-Control-Allow-Credentials true
        respond 200
    }
}
from caddy-ext.
For anyone who needs to set up hasura graphql and caddy 2.0 with ratelimit ext (docker-compose).
- Default: 120r/min for ip address.
- custom caddy 2.0 docker image with caddy extension.
GitHub: https://github.com/swapnil2525kangralkar/caddy_hasura_ratelimit
from caddy-ext.
I also get a CORS error when the limit happens. Actually, the first 100 requests are OK until the user reaches the rate limit and it shows a CORS error. Any idea?
from caddy-ext.
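The two situations raised in this thread, a rate-limited OPTIONS preflight and a CORS error that only appears once the limit is reached, as an added example that is not code from the thread or from caddy-ext: a simplified JavaScript model of a per-IP limiter and of the browser's CORS checks, showing one way a 429 surfaces to page script as a CORS error. The origin, IP address, limit of 3 and all function names are constructed for illustration.

```javascript
// Simplified model (constructed for illustration, not Caddy's code): a proxy
// with a per-IP request budget in front of an API, plus the browser's checks.
function makeProxy({ limit, countOptions, corsOn429 }) {
  const hits = new Map(); // ip -> requests counted in the current window
  const cors = { 'access-control-allow-origin': 'https://app.example',
                 'access-control-allow-methods': 'POST',
                 'access-control-allow-headers': 'content-type' };
  return function handle(ip, method) {
    if (method !== 'OPTIONS' || countOptions) {
      const n = (hits.get(ip) || 0) + 1;
      hits.set(ip, n);
      if (n > limit) return { status: 429, headers: corsOn429 ? cors : {} };
    }
    return { status: method === 'OPTIONS' ? 204 : 200, headers: cors };
  };
}

// What page script observes for one preflighted cross-origin POST.
function browserFetch(proxy, ip, origin) {
  const allowed = (res) => {
    const acao = res.headers['access-control-allow-origin'];
    return acao === '*' || acao === origin;
  };
  const pre = proxy(ip, 'OPTIONS');
  // A preflight must pass the CORS check and carry a 2xx status.
  if (!allowed(pre) || pre.status < 200 || pre.status > 299) return 'CORS error';
  const res = proxy(ip, 'POST');
  // Without Access-Control-Allow-Origin the response is hidden from script,
  // whatever its status code is.
  return allowed(res) ? res.status : 'CORS error';
}

function run(config, requests) {
  const proxy = makeProxy(config);
  const seen = [];
  for (let i = 0; i < requests; i++) {
    seen.push(browserFetch(proxy, '203.0.113.7', 'https://app.example'));
  }
  return seen;
}

// Budget of 3 per window, 4 browser requests from one client:
const limitEverything = run({ limit: 3, countOptions: true, corsOn429: false }, 4);
const skipPreflight = run({ limit: 3, countOptions: false, corsOn429: false }, 4);
const skipPreflightCors429 = run({ limit: 3, countOptions: false, corsOn429: true }, 4);
console.log(limitEverything, skipPreflight, skipPreflightCors429);
```

Only the last configuration lets client code read the 429 and back off; in the first, preflights also consume the budget, so the client is blocked after a single successful call.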