Local Rate limit

    Note

    This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted.

    Tip

    This extension extends and can be used with the following extension category:

    Local Rate limit configuration overview.

    stat_prefix

    (string, REQUIRED) The human readable prefix to use when emitting stats.

    status

    () This field allows for a custom HTTP response status code to the downstream client when the request has been rate limited. Defaults to 429 (TooManyRequests).

    Note

    If this is set to < 400, 429 will be used instead.

    token_bucket

    Note

    It’s fine for the token bucket to be unset for the global configuration since the rate limit can be applied at a the virtual host or route level. Thus, the token bucket must be set for the per route configuration otherwise the config will be rejected.

    Note

    When using per route configuration, the bucket becomes unique to that route.

    Note

    In the current implementation the token bucket’s fill_interval must be >= 50ms to avoid too aggressive refills.

    filter_enabled

    () If set, this will enable – but not necessarily enforce – the rate limit for the given fraction of requests. Defaults to 0% of requests for safety.

    filter_enforced

    (config.core.v3.RuntimeFractionalPercent) If set, this will enforce the rate limit decisions for the given fraction of requests.

    Note: this only applies to the fraction of enabled requests.

    Defaults to 0% of requests for safety.

    request_headers_to_add_when_not_enforced

    response_headers_to_add

    (repeated ) Specifies a list of HTTP headers that should be added to each response for requests that have been rate limited. This occurs when the filter is either enabled or fully enforced.

    descriptors

    (repeated extensions.common.ratelimit.v3.LocalRateLimitDescriptor) The rate limit descriptor list to use in the local rate limit to override on. The rate limit descriptor is selected by the first full match from the request descriptors.

    Example on how to use :

    Note

    In the current implementation the descriptor’s token bucket fill_interval must be a multiple global fill interval.

    The descriptors must match verbatim for rate limiting to apply. There is no partial match by a subset of descriptor entries in the current implementation.

    stage

    (uint32) Specifies the rate limit configurations to be applied with the same stage number. If not set, the default stage number is 0.

    Note

    The filter supports a range of 0 - 10 inclusively for stage numbers.

    local_rate_limit_per_downstream_connection