Connection limit (proto)
This extension has the qualified name envoy.filters.network.connection_limit
Note
This extension is intended to be robust against both untrusted downstream and upstream traffic.
Tip
This extension extends and can be used with the following extension category:
This extension must be configured with one of the following type URLs:
Connection limit configuration overview.
extensions.filters.network.connection_limit.v3.ConnectionLimit
[extensions.filters.network.connection_limit.v3.ConnectionLimit proto]
{
"stat_prefix": ...,
"max_connections": {...},
"delay": {...},
"runtime_enabled": {...}
}
- stat_prefix
(string, REQUIRED) The prefix to use when emitting statistics.
- max_connections
(UInt64Value) The max connections configuration to use for new incoming connections that are processed by the filter’s filter chain. When max_connection is reached, the incoming connection will be closed after delay duration.
- delay
(Duration) The delay configuration to use for rejecting the connection after some specified time duration instead of immediately rejecting the connection. That way, a malicious user is not able to retry as fast as possible which provides a better DoS protection for Envoy. If this is not present, the connection will be closed immediately.
- runtime_enabled
(config.core.v3.RuntimeFeatureFlag) Runtime flag that controls whether the filter is enabled or not. If not specified, defaults to enabled.