package module
Version: v1.6.3 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Jul 29, 2021 License: MIT Imports: 9 Imported by: 3



a rate limit plugin for caddy

Travis CI Go Report Card GoDoc


Excessive requests will be terminated with an error 429 (Too Many Requests)! And X-RateLimit-RetryAfter header will be returned.

For single resource:

ratelimit methods path rate burst unit
  • methods are the request methods it will match (comma separately)

  • path is the file or directory to apply rate limit

  • rate is the limited request in every time unit (r/s, r/m, r/h, r/d, r/w) (e.g. 1)

  • burst is the maximum burst size client can exceed; burst >= rate (e.g. 2)

  • unit is the time interval (currently support: second, minute, hour, day, week)

For multiple resources:

ratelimit methods rate burst unit {
    whitelist CIDR,CIDR
    limit_by_header xxx
    status xxx,xxx
  • whitelist is the keyword for whitelist your trusted ips (comma separately). CIDR is the IP range you don't want to perform rate limit. whitelist is a general rule, it won't target for specific resource.
  • limit_by_header is the keyword for matching the request header. Like whitelist, it's also a general rule. Note: normally you shouldn't apply this rule unless the default limit by ip is not what you want and you want to limit by request header(e.g. Authorization).
  • status is the keyword for matching the response status code (comma separately). If this rule is triggered, all subsequent requests from that client will be blocked regardless of which status code is returned or which resource is requested. Note: this won't block resources not defined in ratelimit's config.
  • resources is a list of files/directories to apply rate limit, one per line

Note: If you don't want to apply rate limit on some special resources, add ^ in front of the path.


Limit clients to 2 requests per second (bursts of 3) to any methods and any resources under /r:

ratelimit * /r 2 3 second

Don't perform rate limit if requests come from or ~, for the listed paths, limit clients to 2 requests per minute (bursts of 2) if the request method is GET or POST and always ignore /dist/app.js:

ratelimit get,post 2 2 minute {
    status *


curl https://getcaddy.com | bash -s personal http.ratelimit


docker run -d -p 2016:2016 -v `pwd`/Caddyfile:/go/src/github.com/xuqingfeng/caddy-rate-limit/Caddyfile --name ratelimit xuqingfeng/caddy-rate-limit

Inspired by






This section is empty.


This section is empty.


func GetRemoteIP

func GetRemoteIP(r *http.Request) (string, error)

GetRemoteIP returns the ip of requester Doesn't care if the ip is real or not

func IsWhitelistIPAddress added in v1.3.0

func IsWhitelistIPAddress(address string, localIPNets []*net.IPNet) bool

IsWhitelistIPAddress check whether an ip is in whitelist

func MatchMethod added in v1.3.0

func MatchMethod(methods, method string) bool

MatchMethod check whether the request method is in the methods list

func MatchStatus added in v1.5.0

func MatchStatus(status, s string) bool

MatchStatus check whether the upstream response status code is in the status list


type CaddyLimiter

type CaddyLimiter struct {
	Keys map[string]*rate.Limiter

func NewCaddyLimiter

func NewCaddyLimiter() *CaddyLimiter

func (*CaddyLimiter) Allow

func (cl *CaddyLimiter) Allow(keys []string, rule Rule) bool

Allow is just a shortcut for AllowN

func (*CaddyLimiter) AllowN

func (cl *CaddyLimiter) AllowN(keys []string, rule Rule, n int) bool

AllowN check if n count are allowed for a specific key

func (*CaddyLimiter) Reserve added in v1.5.0

func (cl *CaddyLimiter) Reserve(keys []string) bool

Reserve will consume 1 token from `token bucket`

func (*CaddyLimiter) RetryAfter

func (cl *CaddyLimiter) RetryAfter(keys []string) time.Duration

RetryAfter return a helper message for client

type RateLimit

type RateLimit struct {
	Next  httpserver.Handler
	Rules []Rule

RateLimit is an http.Handler that can limit request rate to specific paths or files

func (RateLimit) ServeHTTP

func (rl RateLimit) ServeHTTP(w http.ResponseWriter, r *http.Request) (nextResponseStatus int, err error)

ServeHTTP is the method handling every request

type Rule

type Rule struct {
	Methods       string
	Rate          int64
	Burst         int
	Unit          string
	Whitelist     []string
	LimitByHeader string
	Status        string
	Resources     []string

Rule is a configuration for ratelimit

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
t or T : Toggle theme light dark auto
y or Y : Canonical URL