Documentation ¶
Overview ¶
Package ratelimit provides filters to control the rate limiter settings on the route level.
For detailed documentation of the ratelimit, see https://godoc.org/github.com/zalando/skipper/ratelimit.
Index ¶
- func NewBackendRatelimit() filters.Spec
- func NewClientRatelimit(provider RatelimitProvider) filters.Spec
- func NewClusterClientRateLimit(provider RatelimitProvider) filters.Spec
- func NewClusterLeakyBucketRatelimit(registry *ratelimit.Registry) filters.Spec
- func NewClusterRateLimit(provider RatelimitProvider) filters.Spec
- func NewDisableRatelimit(provider RatelimitProvider) filters.Spec
- func NewFailClosed() filters.Spec
- func NewLocalRatelimit(provider RatelimitProvider) filters.Spec
- func NewRatelimit(provider RatelimitProvider) filters.Spec
- func NewShardedClusterRateLimit(provider RatelimitProvider, maxGroupShards int) filters.Spec
- type BackendRatelimit
- type FailClosedPostProcessor
- type RatelimitProvider
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewBackendRatelimit ¶ added in v0.13.52
NewBackendRatelimit creates a filter Spec, whose instances instruct proxy to limit request rate towards a particular backend endpoint
func NewClientRatelimit ¶ added in v0.10.168
func NewClientRatelimit(provider RatelimitProvider) filters.Spec
NewClientRatelimit creates a instance based client rate limit. If you have 5 instances with 20 req/s, then it would allow 100 req/s to the backend from the same client. A third argument can be used to set which HTTP header of the request should be used to find the same user. Third argument defaults to XForwardedForLookuper, meaning X-Forwarded-For Header.
Example:
backendHealthcheck: Path("/healthcheck") -> clientRatelimit(20, "1m") -> "https://foo.backend.net";
Example rate limit per Authorization Header:
login: Path("/login") -> clientRatelimit(3, "1m", "Authorization") -> "https://login.backend.net";
func NewClusterClientRateLimit ¶ added in v0.10.153
func NewClusterClientRateLimit(provider RatelimitProvider) filters.Spec
NewClusterClientRatelimit creates a rate limiting that is aware of the other instances. The value given here should be the combined rate of all instances. The ratelimit group parameter can be used to select the same ratelimit group across one or more routes.
Example:
backendHealthcheck: Path("/login") -> clusterClientRatelimit("groupB", 20, "1h") -> "https://foo.backend.net";
The above example would limit access to "/login" if, the client did more than 20 requests within the last hour to this route across all running skippers in the cluster. A single client can be detected by different data from the http request and defaults to client IP or X-Forwarded-For header, if exists. The optional third parameter chooses the HTTP header to choose a client is counted as the same.
Example:
backendHealthcheck: Path("/login") -> clusterClientRatelimit("groupC", 20, "1h", "Authorization") -> "https://foo.backend.net";
func NewClusterLeakyBucketRatelimit ¶ added in v0.13.208
NewClusterLeakyBucketRatelimit creates a filter Spec, whose instances implement rate limiting using leaky bucket algorithm.
The leaky bucket is an algorithm based on an analogy of how a bucket with a constant leak will overflow if either the average rate at which water is poured in exceeds the rate at which the bucket leaks or if more water than the capacity of the bucket is poured in all at once. See https://en.wikipedia.org/wiki/Leaky_bucket
Example to allow each unique Authorization header once in five seconds:
clusterLeakyBucketRatelimit("auth-${request.header.Authorization}", 1, "5s", 2, 1)
func NewClusterRateLimit ¶ added in v0.10.113
func NewClusterRateLimit(provider RatelimitProvider) filters.Spec
NewClusterRatelimit creates a rate limiting that is aware of the other instances. The value given here should be the combined rate of all instances. The ratelimit group parameter can be used to select the same ratelimit group across one or more routes.
Example:
backendHealthcheck: Path("/healthcheck") -> clusterRatelimit("groupA", 200, "1m") -> "https://foo.backend.net";
Optionally a custom response status code can be provided as an argument (default is 429).
Example:
backendHealthcheck: Path("/healthcheck") -> clusterRatelimit("groupA", 200, "1m", 503) -> "https://foo.backend.net";
func NewDisableRatelimit ¶
func NewDisableRatelimit(provider RatelimitProvider) filters.Spec
NewDisableRatelimit disables rate limiting
Example:
backendHealthcheck: Path("/healthcheck") -> disableRatelimit() -> "https://foo.backend.net";
func NewFailClosed ¶ added in v0.13.258
func NewLocalRatelimit ¶
func NewLocalRatelimit(provider RatelimitProvider) filters.Spec
NewLocalRatelimit is *DEPRECATED*, use NewClientRatelimit, instead
func NewRatelimit ¶
func NewRatelimit(provider RatelimitProvider) filters.Spec
NewRatelimit creates a service rate limiting, that is only aware of itself. If you have 5 instances with 20 req/s, then it would at max allow 100 req/s to the backend.
Example:
backendHealthcheck: Path("/healthcheck") -> ratelimit(20, "1s") -> "https://foo.backend.net";
Optionally a custom response status code can be provided as an argument (default is 429).
Example:
backendHealthcheck: Path("/healthcheck") -> ratelimit(20, "1s", 503) -> "https://foo.backend.net";
func NewShardedClusterRateLimit ¶ added in v0.13.137
func NewShardedClusterRateLimit(provider RatelimitProvider, maxGroupShards int) filters.Spec
NewShardedClusterRateLimit creates a cluster rate limiter that uses multiple group shards to count hits. Based on the configured group and maxHits each filter instance selects N distinct group shards from [1, maxGroupShards]. For every subsequent request it uniformly picks one of N group shards and limits number of allowed requests per group shard to maxHits/N.
For example if maxGroupShards = 10, clusterRatelimit("groupA", 200, "1m") will use 10 distinct groups to count hits and will allow up to 20 hits per each group and thus up to configured 200 hits in total.
Types ¶
type BackendRatelimit ¶ added in v0.13.56
func (*BackendRatelimit) CreateFilter ¶ added in v0.13.56
func (*BackendRatelimit) CreateFilter(args []interface{}) (filters.Filter, error)
func (*BackendRatelimit) Name ¶ added in v0.13.56
func (*BackendRatelimit) Name() string
func (*BackendRatelimit) Request ¶ added in v0.13.56
func (limit *BackendRatelimit) Request(ctx filters.FilterContext)
func (*BackendRatelimit) Response ¶ added in v0.13.56
func (*BackendRatelimit) Response(filters.FilterContext)
type FailClosedPostProcessor ¶ added in v0.13.258
type FailClosedPostProcessor struct{}
func NewFailClosedPostProcessor ¶ added in v0.13.258
func NewFailClosedPostProcessor() *FailClosedPostProcessor
func (*FailClosedPostProcessor) Do ¶ added in v0.13.258
func (*FailClosedPostProcessor) Do(routes []*routing.Route) []*routing.Route
Do is implementing a PostProcessor interface to change the filter configs at filter processing time. The fail open/closed decision needs to be done once and can be processed before we activate the new routes.
type RatelimitProvider ¶ added in v0.11.190
type RatelimitProvider interface {
// contains filtered or unexported methods
}
RatelimitProvider returns a limit instance for provided Settings
func NewRatelimitProvider ¶ added in v0.11.190
func NewRatelimitProvider(registry *ratelimit.Registry) RatelimitProvider