ThrottlingMiddleware logging

[Caleb9]

I'm using the ThrottlingMiddleware in OWIN pipeline. I need to log requests rejected when quota is exceeded.

Since I have my own separate logging middleware preceding the ThrottlingMiddleware in the pipeline (so I can log all failed requests), the first issue for me was to figure out why IOwinContext.Response has HTTP Status of 200 after coming back from ThrottlingMiddleware while I obviously receive 429 in the client. I guess it's because you use IOwinResponse.OnSendingHeaders to populate the response and that happens when all the middlewares are done with processing (correct me if I'm wrong here).

So I decided to go with implementing a separate IThrottleLogger logger. The problem is that as I can see in the source of ThrottlingMiddleware (line 191 in tag 1.4.3), the ThrottleLogEntry is built with null as request value:

// log blocked request
if (Logger != null)
{
    Logger.Log(core.ComputeLogEntry(requestId, identity, throttleCounter, rateLimitPeriod.ToString(), rateLimit, null));
}

I understand that this is probably because you can't build an HttpRequestMessage in OWIN context, but this makes the logger pretty useless for me (I am more interested in the contents of the incoming request rather than client's key or IP).

Is there any way to solve this? Right now it seems to me that simply populating the IOwinContext.Response on the spot would fix my issue but maybe it violates some other assumption.

Thanks in advance.

[Caleb9]

I modified the code to fix this issue by adding new logger type.
Seems to me the best option would be to split this package into two NuGets, one for Web Api and another for Owin. Not sure how hard would it be though.

[MovGP0]

I am unsure if logging of every request in case of an DDoS attack is really the best idea. Maybe it is acceptable to just count the number of such events with a performance counter or ETW event.