ratelimit

package
v0.21.241 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 2, 2025 License: Apache-2.0, MIT Imports: 11 Imported by: 4

Documentation

Overview

Package ratelimit provides filters to control the rate limiter settings on the route level.

For detailed documentation of the ratelimit, see https://godoc.org/github.com/zalando/skipper/ratelimit.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewBackendRatelimit added in v0.13.52

func NewBackendRatelimit() filters.Spec

NewBackendRatelimit creates a filter Spec, whose instances instruct proxy to limit request rate towards a particular backend endpoint

func NewClientRatelimit added in v0.10.168

func NewClientRatelimit(provider RatelimitProvider) filters.Spec

NewClientRatelimit creates a instance based client rate limit. If you have 5 instances with 20 req/s, then it would allow 100 req/s to the backend from the same client. A third argument can be used to set which HTTP header of the request should be used to find the same user. Third argument defaults to XForwardedForLookuper, meaning X-Forwarded-For Header.

Example:

backendHealthcheck: Path("/healthcheck")
-> clientRatelimit(20, "1m")
-> "https://foo.backend.net";

Example rate limit per Authorization Header:

login: Path("/login")
-> clientRatelimit(3, "1m", "Authorization")
-> "https://login.backend.net";

func NewClusterClientRateLimit added in v0.10.153

func NewClusterClientRateLimit(provider RatelimitProvider) filters.Spec

NewClusterClientRatelimit creates a rate limiting that is aware of the other instances. The value given here should be the combined rate of all instances. The ratelimit group parameter can be used to select the same ratelimit group across one or more routes.

Example:

backendHealthcheck: Path("/login")
-> clusterClientRatelimit("groupB", 20, "1h")
-> "https://foo.backend.net";

The above example would limit access to "/login" if, the client did more than 20 requests within the last hour to this route across all running skippers in the cluster. A single client can be detected by different data from the http request and defaults to client IP or X-Forwarded-For header, if exists. The optional third parameter chooses the HTTP header to choose a client is counted as the same.

Example:

backendHealthcheck: Path("/login")
-> clusterClientRatelimit("groupC", 20, "1h", "Authorization")
-> "https://foo.backend.net";

func NewClusterLeakyBucketRatelimit added in v0.13.208

func NewClusterLeakyBucketRatelimit(registry *ratelimit.Registry) filters.Spec

NewClusterLeakyBucketRatelimit creates a filter Spec, whose instances implement rate limiting using leaky bucket algorithm.

The leaky bucket is an algorithm based on an analogy of how a bucket with a constant leak will overflow if either the average rate at which water is poured in exceeds the rate at which the bucket leaks or if more water than the capacity of the bucket is poured in all at once. See https://en.wikipedia.org/wiki/Leaky_bucket

Example to allow each unique Authorization header once in five seconds:

clusterLeakyBucketRatelimit("auth-${request.header.Authorization}", 1, "5s", 2, 1)

func NewClusterRateLimit added in v0.10.113

func NewClusterRateLimit(provider RatelimitProvider) filters.Spec

NewClusterRatelimit creates a rate limiting that is aware of the other instances. The value given here should be the combined rate of all instances. The ratelimit group parameter can be used to select the same ratelimit group across one or more routes.

Example:

backendHealthcheck: Path("/healthcheck")
-> clusterRatelimit("groupA", 200, "1m")
-> "https://foo.backend.net";

Optionally a custom response status code can be provided as an argument (default is 429).

Example:

backendHealthcheck: Path("/healthcheck")
-> clusterRatelimit("groupA", 200, "1m", 503)
-> "https://foo.backend.net";

func NewDisableRatelimit

func NewDisableRatelimit(provider RatelimitProvider) filters.Spec

NewDisableRatelimit disables rate limiting

Example:

backendHealthcheck: Path("/healthcheck")
-> disableRatelimit()
-> "https://foo.backend.net";

func NewFailClosed added in v0.13.258

func NewFailClosed() filters.Spec

func NewLocalRatelimit

func NewLocalRatelimit(provider RatelimitProvider) filters.Spec

NewLocalRatelimit is *DEPRECATED*, use NewClientRatelimit, instead

func NewRatelimit

func NewRatelimit(provider RatelimitProvider) filters.Spec

NewRatelimit creates a service rate limiting, that is only aware of itself. If you have 5 instances with 20 req/s, then it would at max allow 100 req/s to the backend.

Example:

backendHealthcheck: Path("/healthcheck")
-> ratelimit(20, "1s")
-> "https://foo.backend.net";

Optionally a custom response status code can be provided as an argument (default is 429).

Example:

backendHealthcheck: Path("/healthcheck")
-> ratelimit(20, "1s", 503)
-> "https://foo.backend.net";

func NewShardedClusterRateLimit added in v0.13.137

func NewShardedClusterRateLimit(provider RatelimitProvider, maxGroupShards int) filters.Spec

NewShardedClusterRateLimit creates a cluster rate limiter that uses multiple group shards to count hits. Based on the configured group and maxHits each filter instance selects N distinct group shards from [1, maxGroupShards]. For every subsequent request it uniformly picks one of N group shards and limits number of allowed requests per group shard to maxHits/N.

For example if maxGroupShards = 10, clusterRatelimit("groupA", 200, "1m") will use 10 distinct groups to count hits and will allow up to 20 hits per each group and thus up to configured 200 hits in total.

Types

type BackendRatelimit added in v0.13.56

type BackendRatelimit struct {
	Settings   ratelimit.Settings
	StatusCode int
}

func (*BackendRatelimit) CreateFilter added in v0.13.56

func (*BackendRatelimit) CreateFilter(args []interface{}) (filters.Filter, error)

func (*BackendRatelimit) Name added in v0.13.56

func (*BackendRatelimit) Name() string

func (*BackendRatelimit) Request added in v0.13.56

func (limit *BackendRatelimit) Request(ctx filters.FilterContext)

func (*BackendRatelimit) Response added in v0.13.56

type FailClosedPostProcessor added in v0.13.258

type FailClosedPostProcessor struct{}

func NewFailClosedPostProcessor added in v0.13.258

func NewFailClosedPostProcessor() *FailClosedPostProcessor

func (*FailClosedPostProcessor) Do added in v0.13.258

Do is implementing a PostProcessor interface to change the filter configs at filter processing time. The fail open/closed decision needs to be done once and can be processed before we activate the new routes.

type RatelimitProvider added in v0.11.190

type RatelimitProvider interface {
	// contains filtered or unexported methods
}

RatelimitProvider returns a limit instance for provided Settings

func NewRatelimitProvider added in v0.11.190

func NewRatelimitProvider(registry *ratelimit.Registry) RatelimitProvider

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL