Rate Limiting

Ocelot Own Implementation

Ocelot supports rate limiting of upstream requests so that your downstream services do not become overloaded.

The authors of this feature were inspired by @catcherwong article to finally write this documentation. This feature was added by @geffzhang on GitHub! Thanks very much!

To get rate limiting working for a Route you need to add the following JSON to it:

"RateLimitOptions": {
  "ClientWhitelist": [],
  "EnableRateLimiting": true,
  "Period": "1s",
  "PeriodTimespan": 1,
  "Limit": 1
}
  • ClientWhitelist - This is an array that contains the whitelist of the client. It means that the client in this array will not be affected by the rate limiting.

  • EnableRateLimiting - This value specifies enable endpoint rate limiting.

  • Period - This value specifies the period that the limit applies to, such as 1s, 5m, 1h, 1d and so on. If you make more requests in the period than the limit allows then you need to wait for PeriodTimespan to elapse before you make another request.

  • PeriodTimespan - This value specifies that we can retry after a certain number of seconds.

  • Limit - This value specifies the maximum number of requests that a client can make in a defined period.

You can also set the following in the GlobalConfiguration part of ocelot.json:

"GlobalConfiguration": {
  "BaseUrl": "https://api.mybusiness.com",
  "RateLimitOptions": {
    "DisableRateLimitHeaders": false,
    "QuotaExceededMessage": "Customize Tips!",
    "HttpStatusCode": 123,
    "ClientIdHeader": "Test"
  }
}
  • DisableRateLimitHeaders - This value specifies whether X-Rate-Limit and Retry-After headers are disabled.

  • QuotaExceededMessage - This value specifies the exceeded message.

  • HttpStatusCode - This value specifies the returned HTTP status code when rate limiting occurs.

  • ClientIdHeader - Allows you to specifiy the header that should be used to identify clients. By default it is ClientId

Future and ASP.NET Core Implementation

The Ocelot team considers to redesign Rate Limiting feature, because of Announcing Rate Limiting for .NET by Brennan Conroy on July 13th, 2022. There is no decision at the moment, and the old version of the feature is included as a part of release 20.0 for .NET 7.

See more about new feature being added into ASP.NET Core 7.0 release:

However, it makes sense to keep the old implementation as a Ocelot built-in native feature, but we are going to migrate to the new Rate Limiter from Microsoft.AspNetCore.RateLimiting namespace.

Please, share your opinion to us in the Discussions space of the repository. octocat