3. Security and Validation

rateLimiter


The rateLimiter plugin limits the number of requests a client may make within a period of time. By default, requests are grouped by client IP address and then counted. The keyExpression offers many other ways to group the requests; requests from different clients can even be counted together.

When the gateway is located behind a load balancer, the client IP address seen by the gateway is not the client's address but the balancer's. To preserve the real IP address, load balancers, Web Application Firewalls and reverse proxies put the IP of the original client into the X-Forwarded-For HTTP header field. The rate limiter plugin can take the IP address from this header.

The X-Forwarded-For header can only be trusted when a trustworthy reverse proxy or load balancer sits between the client and the gateway, since any client can send that header itself. The gateway should not be reachable directly. Only activate this feature when you know what you are doing.

Syntax

rateLimiter:
  '$ref': <string>
  keyExpression: <string>
  language: groovy
  requestLimit: <number>
  requestLimitDuration: <string>
  trustedProxyCount: <number>
  trustedProxyList: <string>
  trustForwardedFor: <boolean>
  xmlConfig: {}

Attributes

| Name | Required | Default | Description | Examples |
| --- | --- | --- | --- | --- |
| $ref | false | - | Reference a component defined under components. | - |
| keyExpression | false | ip-address | The expression the rate limiter uses to group the requests before counting. The Spring Expression Language (SpEL) is used as language. The built-in variables request, header and properties can be used in the expression. | - |
| language | false | SpEL | The language of the 'test' condition. | SpEL, groovy, jsonpath, xpath |
| requestLimit | false | 1000 | Number of requests within the period of measurement. | - |
| requestLimitDuration | false | PT3600S (see: ISO 8601 Durations) | Duration after which the limit is reset, in the ISO 8601 Duration format, e.g. PT10S for 10 seconds, PT5M for 5 minutes or PT8H for eight hours. | - |
| trustedProxyCount | false | 0 | Number of trusted proxy servers and load balancers. Used to evaluate the X-Forwarded-For header. If both trustedProxyList and trustedProxyCount are specified, the trustedProxyList is used to determine the client IP address. To make this configuration active, set trustForwardedFor to true. | - |
| trustedProxyList | false | empty String | Comma-separated list of trusted proxy servers and load balancers. Used to evaluate the X-Forwarded-For header. If both trustedProxyList and trustedProxyCount are specified, the trustedProxyList is used to determine the client IP address. To make this configuration active, set trustForwardedFor to true. | - |
| trustForwardedFor | false | false | Set this to true only if you know what you are doing. The function of the rate limiter relies on the current 'X-Forwarded-For' header values. | - |
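To make the trustedProxyCount / trustedProxyList semantics above concrete, here is an added example that re-implements the client-key resolution and the fixed counting window in Python. It is illustration code written for this page, not Membrane's implementation; the function and parameter names, the rule that the TCP peer must itself appear in trustedProxyList before the header is consulted, and the sample addresses are assumptions.

```python
import re
from datetime import timedelta

# Hypothetical re-implementation of the plugin's client-key and window logic
# for illustration only; it is not Membrane's code.

def parse_iso_duration(s):
    """Parse the PT..H..M..S subset of ISO 8601 used by requestLimitDuration."""
    m = re.fullmatch(r"PT(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?", s)
    if not m or not any(m.groups()):
        raise ValueError(f"unsupported duration: {s}")
    h, mi, sec = (int(x or 0) for x in m.groups())
    return timedelta(hours=h, minutes=mi, seconds=sec)

def resolve_client_ip(peer_ip, xff, trust_forwarded_for=False,
                      trusted_proxy_count=0, trusted_proxy_list=""):
    """Return the address the limiter should count requests against."""
    if not trust_forwarded_for or not xff:
        return peer_ip                      # default: the TCP peer address
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    trusted = {p.strip() for p in trusted_proxy_list.split(",") if p.strip()}
    if trusted:                             # the list wins over the count
        if peer_ip not in trusted:          # assumption: a direct connection
            return peer_ip                  # means the header is untrusted
        # Walk from the gateway side outward; the first hop not in the list is the client.
        for hop in reversed(hops):
            if hop not in trusted:
                return hop
        return hops[0]
    if 0 < trusted_proxy_count <= len(hops):
        # Each trusted proxy appended one entry, so the client sits N from the end.
        # Any entries before it were supplied by the client and are ignored.
        return hops[-trusted_proxy_count]
    return peer_ip

class RateLimiter:
    """Fixed window of requestLimit requests per requestLimitDuration, per key."""
    def __init__(self, request_limit=1000, request_limit_duration="PT3600S", **xff_opts):
        self.limit = request_limit
        self.window = parse_iso_duration(request_limit_duration).total_seconds()
        self.xff_opts = xff_opts
        self.buckets = {}                   # key -> (window_start, count)

    def allow(self, peer_ip, xff, now):
        key = resolve_client_ip(peer_ip, xff, **self.xff_opts)
        start, count = self.buckets.get(key, (now, 0))
        if now - start >= self.window:      # window elapsed: reset the count
            start, count = now, 0
        count += 1
        self.buckets[key] = (start, count)
        return count <= self.limit
```

With trustForwardedFor off, a forged header has no effect; with it on and one trusted proxy, only the last entry is used, so addresses a client prepends are discarded.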

Child Structure

| Element | Cardinality | Description |
| --- | --- | --- |
| xmlConfig | 0..1 | |

Can be used in