Go to new doc!

+49 228 5552576-0


info@predic8.com

rateLimiter

Description

The rateLimiter plugin limits the number of requests of a client in a period of time. As a default the client requests are grouped by client-Ip address and then counted. There are lots of possibilities to group the requests using the keyExpression. The requests can even be counted from different clients together.

When the gateway is located behind a loadbalancer then the client-Ip address is not the one from the client but the address from the balancer. To get the real Ip-address loadbalancers, Web Application Firewalls and reverse proxies set the ip from the original client into the X-Forwarded-For HTTP header field. The limiter plugin can take the Ip-address from the header.

The X-Forwarded-For header can only be trusted when a trustworthy reverse proxy or load balancer is between the client and server. The gateway not should be reachable directly. Only activate this feature when you know what you are doing.

Can be used in

spring:beans, api, bean, if, interceptor, internalProxy, proxy, registration, request, response, serviceProxy, soapProxy, stompProxy, swaggerProxy, transport and wsStompReassembler

Attributes

Name Required Default Description Example
keyExpression false ip-address The expression the ratelimiter should use to group the requests before counting. The Spring Expression Language (SpEL) is used as language. In the expression the build-in variables request, header, properties can be used.
requestLimit false 1000 Number of requests within the period of measurement.
requestLimitDuration false PT3600S Duration after the limit is reset in the ISO 8600 Duration format, e.g. PT10S for 10 seconds, PT5M for 5 minutes or PT8H for eight hours.
trustForwardedFor false false Set this only to true if you know that are you doing. The function of the ratelimter relys on corrent X-ForwaredFor header values.
trustedProxyCount false 0 Number of trusted proxy servers and loadbalancers. Used to evaluate the X-Forwarded-For header. If both
trustedProxyList
and
trustedProxyCount
is specified, the trustedProxyList is used to determine the client ip address. To make this configuration active set
isTrustForwardedFor
to true.
trustedProxyList false empty String Comma separated list of trusted proxy servers and loadbalancers. Used to evaluate the X-Forwarded-For header. If both trustedProxyList and trustedProxyCount is specified, the trustedProxyList is used to determine the client ip address. To make this configuration active set
isTrustForwardedFor
to true.