Rate limit

    As of Envoy v1.18 the v2 API has been removed and is no longer supported.

    If you are upgrading from v2 API config you may wish to view the v2 API documentation:

    This extension may be referenced by the qualified name

    Note

    This extension is intended to be robust against untrusted downstream traffic. It assumes that the upstream is trusted.

    Tip

    This extension extends and can be used with the following extension category:

    Rate limit .

    [extensions.filters.http.ratelimit.v3.RateLimit proto]

    domain

    (, REQUIRED) The rate limit domain to use when calling the rate limit service.

    stage

    (uint32) Specifies the rate limit configurations to be applied with the same stage number. If not set, the default stage number is 0.

    Note

    The filter supports a range of 0 - 10 inclusively for stage numbers.

    () The type of requests the filter should apply to. The supported types are internal, external or both. A request is considered internal if x-envoy-internal is set to true. If is not set or false, a request is considered external. The filter defaults to both, and it will apply to all request types.

    timeout

    (Duration) The timeout in milliseconds for the rate limit service RPC. If not set, this defaults to 20ms.

    failure_mode_deny

    () The filter’s behaviour in case the rate limiting service does not respond back. When it is set to true, Envoy will not allow traffic in case of communication failure between rate limiting service and the proxy.

    rate_limited_as_resource_exhausted

    (bool) Specifies whether a RESOURCE_EXHAUSTED gRPC code must be returned instead of the default UNAVAILABLE gRPC code for a rate limited gRPC call. The HTTP code will be 200 for a gRPC response.

    rate_limit_service

    (, REQUIRED) Configuration for an external rate limit service provider. If not specified, any calls to the rate limit service will immediately return success.

    enable_x_ratelimit_headers

    (extensions.filters.http.ratelimit.v3.RateLimit.XRateLimitHeadersRFCVersion) Defines the standard version to use for X-RateLimit headers emitted by the filter:

    • X-RateLimit-Limit - indicates the request-quota associated to the client in the current time-window followed by the description of the quota policy. The values are returned by the rate limiting service in field. Example: 10, 10;w=1;name=”per-ip”, 1000;w=3600.

    • - indicates the remaining requests in the current time-window. The values are returned by the rate limiting service in limit_remaining field.

    In case rate limiting policy specifies more then one time window, the values above represent the window that is closest to reaching its limit.

    For more information about the headers specification see selected version of the .

    disable_x_envoy_ratelimited_header

    (bool) Disables emitting the header in case of rate limiting (i.e. 429 responses). Having this header not present potentially makes the request retriable.

    [extensions.filters.http.ratelimit.v3.RateLimit.XRateLimitHeadersRFCVersion proto]

    Defines the version of the standard to use for X-RateLimit headers.

    OFF

    (DEFAULT) ⁣X-RateLimit headers disabled.

    DRAFT_VERSION_03

    ⁣Use .

    [extensions.filters.http.ratelimit.v3.RateLimitPerRoute proto]

    1. "vh_rate_limits": "..."

    vh_rate_limits

    () Specifies if the rate limit filter should include the virtual host rate limits.

    [extensions.filters.http.ratelimit.v3.RateLimitPerRoute.VhRateLimitsOptions proto]

    OVERRIDE

    (DEFAULT) ⁣Use the virtual host rate limits unless the route has a rate limit policy.

    INCLUDE

    ⁣Use the virtual host rate limits even if the route has a rate limit policy.

    ⁣Ignore the virtual host rate limits even if the route does not have a rate limit policy.