Rate limit

This extension may be referenced by the qualified name envoy.filters.http.ratelimit

Note

This extension is intended to be robust against untrusted downstream traffic. It assumes that the upstream is trusted.

Rate limit configuration overview.

config.filter.http.rate_limit.v2.RateLimit

[config.filter.http.rate_limit.v2.RateLimit proto]

{
  "domain": "...",
  "stage": "...",
  "request_type": "...",
  "timeout": "{...}",
  "failure_mode_deny": "...",
  "rate_limited_as_resource_exhausted": "...",
  "rate_limit_service": "{...}"
}
domain

(string, REQUIRED) The rate limit domain to use when calling the rate limit service.

stage

(uint32) Specifies the rate limit configurations to be applied with the same stage number. If not set, the default stage number is 0.

Note

The filter supports a range of 0 - 10 inclusively for stage numbers.

request_type

(string) The type of requests the filter should apply to. The supported types are internal, external or both. A request is considered internal if x-envoy-internal is set to true. If x-envoy-internal is not set or false, a request is considered external. The filter defaults to both, and it will apply to all request types.

timeout

(Duration) The timeout in milliseconds for the rate limit service RPC. If not set, this defaults to 20ms.

failure_mode_deny

(bool) The filter’s behaviour in case the rate limiting service does not respond back. When it is set to true, Envoy will not allow traffic in case of communication failure between rate limiting service and the proxy. Defaults to false.

rate_limited_as_resource_exhausted

(bool) Specifies whether a RESOURCE_EXHAUSTED gRPC code must be returned instead of the default UNAVAILABLE gRPC code for a rate limited gRPC call. The HTTP code will be 200 for a gRPC response.

rate_limit_service

(config.ratelimit.v2.RateLimitServiceConfig, REQUIRED) Configuration for an external rate limit service provider. If not specified, any calls to the rate limit service will immediately return success.