Hi, would be great to enrich the SemaphoreValve to support few more things. Obvious and easy ones are: 1. deniedStatus and have a default implementation of permitDenied setting this status (Note: if not possible in current valve a EnhancedSemaphoreValve would be good enough) 2. controlConcurrency should enable to match a requestUri, I guess a includeRequestUris and excludeRequestUris is the way to go On probably a bit more difficult side, it would be great to support asynchronism limiting. This one can require to move the valve to a filter to be able to wrap the AsyncContext to have the right hooks but this would make it fully functional. Finally: this valve provides concurrent limit but is there any plan to have rate limiting (based on a time slot)?
I started looking at 2) since I think I saw the request somewhere else as well in the past, but it was a bit messy (I tried using RequestFilterValve as well). Instead I added a new feature to the rewrite valve: https://github.com/apache/tomcat/commit/7a3bbc6e300ced35268fe1c46c90f6b5c752dc5c Since it allows skipping the next valve, if the semaphore valve is configured right after the rewrite valve, it can simply how over it if when a rule matches.
Implemented in 11-M19, 10.1.20 and 9.0.88.