IpRateLimit EnableEndpointRateLimiting true StackBlockedRequests false RealIpHeader X-Real-IP ClientIdHeader X-ClientId HttpStatusCode 429 GeneralRules Endpoint

The "IpRateLimit" section contains the configuration for rate limiting requests based on IP addresses.

• "EnableEndpointRateLimiting": This flag enables endpoint-specific rate limiting.
• "StackBlockedRequests": This flag determines whether blocked requests are stacked or rejected immediately.
• "RealIpHeader": Specifies the header containing the real IP address of the client.
• "ClientIdHeader": Specifies the header containing the client ID.
• "HttpStatusCode": The HTTP status code returned when a request is blocked due to rate limiting.

The "GeneralRules" array contains general rate limiting rules that apply to all endpoints unless overridden by specific endpoint rules. Each rule has the following properties:

• "Endpoint": The endpoint pattern to apply the rule to.
• "Period": The time window for rate limiting, specified in seconds (s) or minutes (m).
• "Limit": The maximum number of requests allowed within the specified period.
• "CounterKeyBuilder": The method for building the counter key, which can be "Path" or "ClientId".
• "Priority": The priority of the rule. Lower values have higher priority.

The "EndpointRules" array contains endpoint-specific rate limiting rules that override the general rules for specific endpoints. Each rule has the same properties as the general rules.

For example, in the given configuration:

• All endpoints have a general rule that limits requests to 5 per second based on the path, with a priority of 1.
• All endpoints have another general rule that limits requests to 100 per minute based on the client ID, with a priority of 2.
• The "/api/Dashboard/GetSum" endpoint has an endpoint-specific rule that limits requests to 19 per minute based on the path, with a priority of 1