Connection limit (proto)

This extension has the qualified name envoy.filters.network.connection_limit

Note

This extension is intended to be robust against both untrusted downstream and upstream traffic.

Tip

This extension extends and can be used with the following extension category:

This extension must be configured with one of the following type URLs:

Connection limit configuration overview.

extensions.filters.network.connection_limit.v3.ConnectionLimit

[extensions.filters.network.connection_limit.v3.ConnectionLimit proto]

{
  "stat_prefix": ...,
  "max_connections": {...},
  "delay": {...},
  "runtime_enabled": {...}
}
stat_prefix

(string, REQUIRED) The prefix to use when emitting statistics.

max_connections

(UInt64Value) The max connections configuration to use for new incoming connections that are processed by the filter’s filter chain. When max_connection is reached, the incoming connection will be closed after delay duration.

delay

(Duration) The delay configuration to use for rejecting the connection after some specified time duration instead of immediately rejecting the connection. That way, a malicious user is not able to retry as fast as possible which provides a better DoS protection for Envoy. If this is not present, the connection will be closed immediately.

runtime_enabled

(config.core.v3.RuntimeFeatureFlag) Runtime flag that controls whether the filter is enabled or not. If not specified, defaults to enabled.