Implementing RateLimit Plugin for Coraza WAF
- Mentors: fzipitria, José Carlos Chávez
- Organization: OWASP Foundation
- Technologies: golang, SecRule
- Topics: security, web, firewall
Rate limiting is a technique computer systems use to control the rate of traffic sent or received by a particular entity (such as an application or a user). Its goal is to stop a single entity from overwhelming the system with too many requests at once, which otherwise leads to resource exhaustion (denial of service), brute-force and API abuse, and unpredictable behaviour.
The objective is to develop a plugin for Coraza WAF that prevents rate-based attacks and gives the applications behind the WAF more security and stability. In brief, this is to be done by adding a new directive, `SecRateLimitOptions`, for specifying the rate-limit options (the number of requests allowed per minute, the algorithm used, when the counters are cleared, and the default action when the limit is exceeded), and a new non-disruptive action, `rate limit`, which counts matches of the SecRule chains it is attached to against that limit; the configured default action is what fires once a client exceeds it. A more detailed explanation can be found in the proposal PDF.
The deliverables are the plugin itself, support for distributed deployments (so that limits hold across several WAF instances rather than per process), and well-written documentation with examples, benchmarks, and recommended settings.
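To make the two pieces above concrete, here is an added example (written for this page, not code from Coraza or from the proposal) of what sits behind such a directive and action: a parser for the options string and a per-client limiter that supports two of the usual algorithms. Everything beyond the directive name is an assumption of this example: the `requests=…,algorithm=…,action=…` key=value syntax, the function names `ParseRateLimitOptions`, `NewLimiter` and `Allow`, the algorithm names `sliding_window` and `token_bucket`, and keying the counters by the client address. The period is fixed to one minute, matching the proposal's "requests per minute" framing.

```go
package main

import (
	"fmt"
	"math"
	"strconv"
	"strings"
	"sync"
	"time"
)

// window is the fixed one-minute period the proposal expresses limits in.
const window = time.Minute

// RateLimitOptions mirrors what a SecRateLimitOptions directive might carry (the key=value syntax is this example's assumption).
type RateLimitOptions struct {
	Requests  int    // requests allowed per minute
	Algorithm string // "sliding_window" or "token_bucket"
	Action    string // action once the limit is exceeded, e.g. "deny"
}

// ParseRateLimitOptions parses e.g. "requests=60,algorithm=token_bucket,action=deny"; unknown keys and non-positive values are errors, so a typo cannot silently disable the limit.
func ParseRateLimitOptions(s string) (RateLimitOptions, error) {
	o := RateLimitOptions{Requests: 60, Algorithm: "sliding_window", Action: "deny"}
	for _, kv := range strings.Split(s, ",") {
		k, v, ok := strings.Cut(strings.TrimSpace(kv), "=")
		if !ok {
			return o, fmt.Errorf("malformed option %q", kv)
		}
		switch strings.ToLower(k) {
		case "requests":
			n, err := strconv.Atoi(v)
			if err != nil || n <= 0 {
				return o, fmt.Errorf("requests must be a positive integer, got %q", v)
			}
			o.Requests = n
		case "algorithm":
			if v != "sliding_window" && v != "token_bucket" {
				return o, fmt.Errorf("unsupported algorithm %q", v)
			}
			o.Algorithm = v
		case "action":
			o.Action = v
		default:
			return o, fmt.Errorf("unknown option %q", k)
		}
	}
	return o, nil
}

// Limiter keeps per-client state, keyed by e.g. the remote address, under one lock.
type Limiter struct {
	opts   RateLimitOptions
	mu     sync.Mutex
	tokens map[string]float64     // token_bucket: tokens left per client
	last   map[string]time.Time   // token_bucket: time of the last refill per client
	seen   map[string][]time.Time // sliding_window: times of allowed requests per client
}

func NewLimiter(o RateLimitOptions) *Limiter {
	return &Limiter{opts: o, tokens: map[string]float64{}, last: map[string]time.Time{}, seen: map[string][]time.Time{}}
}

// Allow reports whether a request from key at time now is within the limit; the clock is injected rather than read from time.Now so behaviour is deterministic and testable.
func (l *Limiter) Allow(key string, now time.Time) bool {
	l.mu.Lock()
	defer l.mu.Unlock()
	burst := float64(l.opts.Requests)
	if l.opts.Algorithm == "token_bucket" {
		if _, ok := l.tokens[key]; !ok { // a new client starts with a full bucket
			l.tokens[key], l.last[key] = burst, now
		}
		// Refill at Requests per minute, capped at the burst size; a clock that went backwards refills nothing.
		elapsed := math.Max(0, now.Sub(l.last[key]).Seconds())
		tokens := math.Min(burst, l.tokens[key]+elapsed*burst/window.Seconds())
		l.last[key] = now
		if tokens < 1 {
			l.tokens[key] = tokens
			return false
		}
		l.tokens[key] = tokens - 1
		return true
	}
	// sliding_window: forget timestamps older than a minute, then count. Denied requests are not recorded, so an already-blocked client is not penalised further.
	cutoff := now.Add(-window)
	kept := l.seen[key][:0]
	for _, t := range l.seen[key] {
		if t.After(cutoff) {
			kept = append(kept, t)
		}
	}
	if len(kept) >= l.opts.Requests {
		l.seen[key] = kept
		return false
	}
	l.seen[key] = append(kept, now)
	return true
}
```

In a real plugin the key would come from a transaction variable such as the client address, and the action implementation would call `Allow` and, on `false`, apply the configured `Action`. The sliding log keeps at most `Requests` timestamps per client, so memory is bounded by `Requests` times the number of distinct clients; the token bucket keeps two values per client and permits short bursts up to `Requests`. Both keep state in process memory, which is exactly what the distributed-deployment deliverable has to replace with a shared store.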