Tests whether an HTTP endpoint actually enforces rate limiting.
Most rate-limit skills help you add rate limiting. This one helps
you check if it's working — or if it's missing entirely.
Retry-After headerX-RateLimit-Limit and X-RateLimit-Remaining headers#!/bin/bash
TARGET="${1:-http://localhost:18789/}"
COUNT="${2:-50}"
TMP="/tmp/ratelimit-test-$$.txt"
echo "Target: $TARGET"
echo "Requests: $COUNT"
echo ""
for i in $(seq 1 $COUNT); do
curl -s -o /dev/null -w "%{http_code}" "$TARGET" >> "$TMP"
echo "" >> "$TMP"
done
TOTAL_200=$(grep -c '200' "$TMP" || echo 0)
TOTAL_429=$(grep -c '429' "$TMP" || echo 0)
echo "Allowed (200): $TOTAL_200"
echo "Throttled (429): $TOTAL_429"
echo ""
HEADERS=$(curl -sI "$TARGET")
echo "$HEADERS" | grep -qi "retry-after" && echo "Retry-After: present" || echo "Retry-After: missing"
echo "$HEADERS" | grep -qi "x-ratelimit" && echo "X-RateLimit: present" || echo "X-RateLimit: missing"
echo ""
if [ "$TOTAL_429" -gt 0 ]; then
echo "Result: rate limiting is active ($TOTAL_429/$COUNT throttled)"
else
echo "Result: no rate limiting detected ($TOTAL_200/$COUNT allowed through)"
fi
rm -f "$TMP"
not a security boundary (authenticated callers are trusted operators)
共 1 个版本