stefanprodan/AspNetCoreRateLimit — reverse-engineered prompt

Build me an ASP.NET Core rate limiting middleware library for APIs and MVC apps. I want developers to be able to add it to their app, turn it on in startup, and control how many requests a caller can make by IP address or by a client ID header.

It should support simple rules like 10 calls per second or 1000 calls per 15 minutes, and rules can apply globally or only to a certain HTTP verb and path. When someone goes over the limit, return a clear quota exceeded response and let the app customize that response.

Please include configuration examples, a small sample setup, and tests showing IP limits, client ID limits, different time windows, and scoped endpoint rules. Also make the counters work safely for normal server use, and include an optional Redis backed counter store for multiple servers. Look up current ASP.NET Core docs online if you need to.