Local Rate limit

This extension may be referenced by the qualified name envoy.filters.http.local_ratelimit


This extension has an unknown security posture and should only be used in deployments where both the downstream and upstream are trusted.

Local Rate limit configuration overview.


[extensions.filters.http.local_ratelimit.v3.LocalRateLimit proto]

  "stat_prefix": "...",
  "status": "{...}",
  "token_bucket": "{...}",
  "filter_enabled": "{...}",
  "filter_enforced": "{...}",
  "response_headers_to_add": []

(string, REQUIRED) The human readable prefix to use when emitting stats.


(type.v3.HttpStatus) This field allows for a custom HTTP response status code to the downstream client when the request has been rate limited. Defaults to 429 (TooManyRequests).


If this is set to < 400, 429 will be used instead.


(type.v3.TokenBucket) The token bucket configuration to use for rate limiting requests that are processed by this filter. Each request processed by the filter consumes a single token. If the token is available, the request will be allowed. If no tokens are available, the request will receive the configured rate limit status.


It’s fine for the token bucket to be unset for the global configuration since the rate limit can be applied at a the virtual host or route level. Thus, the token bucket must be set for the per route configuration otherwise the config will be rejected.


When using per route configuration, the bucket becomes unique to that route.


In the current implementation the token bucket’s fill_interval must be >= 50ms to avoid too aggressive refills.


(config.core.v3.RuntimeFractionalPercent) If set, this will enable – but not necessarily enforce – the rate limit for the given fraction of requests. Defaults to 0% of requests for safety.


(config.core.v3.RuntimeFractionalPercent) If set, this will enforce the rate limit decisions for the given fraction of requests.

Note: this only applies to the fraction of enabled requests.

Defaults to 0% of requests for safety.


(config.core.v3.HeaderValueOption) Specifies a list of HTTP headers that should be added to each response for requests that have been rate limited.