Repository files navigation

🚀 Protect your web servers against abuse and ensure optimal performance with automated rate limiting configurations. This project generates and manages rate limit rules for multiple web server platforms, making it easy to implement robust protection against excessive requests.

• ⚙️ Multi-Web Server Support: Generates rate limiting configurations for Apache (ModSecurity), Nginx, Traefik, and HAProxy.
• ⏱️ Centralized Configuration: Uses a singleconfig.yaml file to define global and path-specific rate limits, as well as IP whitelisting/blacklisting.
• 🔄 Automated Updates: GitHub Actions automatically fetch the latest configuration and generate new rules daily.
• 🛡️ Flexible Rate Limiting: Supports limiting by IP address, User-Agent, or custom headers.
• ✅ Easy Integration: Clear instructions and example configurations are provided to quickly integrate rate limiting into your servers.
• 🎛️ Granular Control: Configure rate limits at both global and path-specific levels for detailed control.

• 🔵Nginx
• 🟠Apache (ModSecurity)
• 🟣Traefik
• 🔴HAProxy

limits/├── rate_limit_rules/       # 🔧 Generated rate limit config files│   ├── nginx/              # Nginx rate limit configs│   ├── apache/             # Apache rate limit configs (ModSecurity)│   ├── traefik/            # Traefik rate limit configs│   └── haproxy/            # HAProxy rate limit configs││── import_apache_rate_limit.py│── import_haproxy_rate_limit.py│── import_nginx_rate_limit.py│── import_traefik_rate_limit.py├── ratelimit.py           # ⚙️ Main Script to fetch rate limits config├── ratelimit2nginx.py      # 🔄 Convert rate limit config to Nginx├── ratelimit2apache.py     # 🔄 Convert rate limit config to Apache ModSecurity├── ratelimit2traefik.py    # 🔄 Convert rate limit config to Traefik├── ratelimit2haproxy.py   # 🔄 Convert rate limit config to HAProxy├── config.yaml             # 📝 Configuration file to define rate limits├── requirements.txt        # 📄 Required dependencies└── .github/workflows/      # 🤖 GitHub Actions for automation    └── update_rules.yml

• Theconfig.yaml file allows you to configure your desired rate limits, including global settings, path-specific settings, whitelists, blacklists and advanced options.

# config.yamlglobal:enabled:truerequests_per_minute:60burst:20window:1mlimit_by:ip# limit_by_header: custom_headerpaths:/login:enabled:truerequests_per_minute:10burst:5window:1mlimit_by:ip/api:enabled:truerequests_per_minute:120burst:40window:1mlimit_by:ip'/search/(.*)':enabled:truerequests_per_minute:100burst:20window:1mlimit_by:ipwhitelist:enabled:falseips:     -192.168.1.10     -192.168.1.11/32     -2001:0db8::/32blacklist:enabled:falseips:     -192.168.1.20     -192.168.1.22/32advanced:log_level:info

• Theratelimit.py script loads and validates the configurations fromconfig.yaml.
• ratelimit2nginx.py generates Nginx configuration
• ratelimit2apache.py generates Apache ModSecurity configuration
• ratelimit2traefik.py generates Traefik configuration
• ratelimit2haproxy.py generates HAProxy configuration

• GitHub Actions automatically generate rate limiting configurations daily.
• Modified configuration files are automatically committed and pushed to the repository.

1. Clone the Repository:

   git clone https://github.com/fabriziosalmi/rate-limit-patterns.gitcd rate-limit-patterns

2. Install Dependencies:

   pip install -r requirements.txt

3. Configureconfig.yaml:

   • Adapt theconfig.yaml with your specific requirements.

1. Generate Configuration:

• The rate limit configuration files will be generated automatically by github actions.

2. Integrate configuration with your webserver

• Copyrate_limit_rules/nginx/nginx_rate_limit.conf to your server.
• Include the configuration in your nginx configuration file (nginx.conf)

http{include /path/to/nginx_rate_limit.conf;    ...}

• Copyrate_limit_rules/apache/apache_rate_limit.conf to your server.
• Include the configuration in your apache virtualhost configuration file or inside a.htaccess file.

<VirtualHost*:80>  ...Include /path/to/apache_rate_limit.conf ...</VirtualHost>

• Copy the content ofrate_limit_rules/traefik/traefik_rate_limit.conf to your traefik configuration file (traefik.yml)

  # traefik.yml...http:middlewares:# Insert content of traefik_rate_limit.conf hererouters:# Add the rate limit middlewares to the routes...

*   Copy `rate_limit_rules/haproxy/haproxy_rate_limit.conf` to your server.*   Include the configuration in your HAProxy configuration file (`haproxy.cfg`)

  frontend http-in      # Insert the content of haproxy_rate_limit.conf here  ...

• Daily Updates: GitHub Actions fetches new rate limit configurations daily at midnight UTC.
• Auto Deployment: Pushes new configuration files directly torate_limit_rules/.
• Manual Trigger: Updates can also be triggered manually.

• Fork the repository.
• Create a feature branch (feature/new-feature).
• Commit and push changes.
• Open a Pull Request.

This project is licensed under the MIT License.See theLICENSE file for details.

• Issues? Open a ticket in the Issues tab.

• Nginx Rate Limiting
• Apache mod_ratelimit
• Traefik Rate Limiting
• HAProxy Rate Limiting