marcosbarbero / spring-cloud-zuul-ratelimit

Rate limit auto-configure for Spring Cloud Netflix Zuul

Home Page: https://blog.marcosbarbero.com/spring-cloud-netflix-zuul-rate-limit/


How to exclude certain IPAddresses when doing a RateLimit by Origin type

angshuman-agarwal opened this issue · comments

Describe the question
As a user, I would like to exclude certain IP addresses from the rate limit policy and have the default Too_Many_Requests 429 Status behaviour for the rest. I am using type: Origin. How can I achieve that, please?

NB: I am using 2.2.1.RELEASE.

Additional context
I had a look at this issue - #38 (comment), where the suggestion was to disable rate limit, extend the Pre- and Post- RateLimit filters and override the shouldFilter method there. But, as soon as I disable rate limit in the config, a few classes fail to auto-inject as they are tied to zuul.ratelimit.enabled=true.

Please can you suggest if there is a way to specify certain IP addresses in config as an exclusion list?

Hello @angshuman-agarwal, thank you for submitting an issue!

If I understand it correctly you want to allow requests for a single origin and nothing else, is that it?

I want to exclude one IP address from the RateLimiter policy and have default behaviour for all the other IPs that hit my endpoint.
I have a policyList defined for one endpoint with type:Origin.

For the sake of example: if I want 127.0.0.1 to be excluded, how do I do that with rate limit enabled?

Unfortunately, the only way to make what you want to work is by creating a policy setting a very high rate limit rule for the given origin. There's no other way to bypass it.

creating a policy setting a very high rate limit rule for the given origin

Thanks, is there a sample / source I can see on how to achieve what you are suggesting, please?

Something like this would do:

zuul:
  ratelimit:
    enabled: true
    repository: REDIS # or any other you prefer
    default-policy-list: 
      - limit: 99999999 # any high-volume to cover your specific use case
        refresh-interval: 10 # in seconds
        type: 
          - origin=127.0.0.1
      - limit: 10 # request number limit for every other origin
        refresh-interval: 60 #default value (in seconds)

Thanks - I just tried, but it looks like it is letting everything through now. I verified by setting a junk IP instead of 127.0.0.1 to see if it blocks localhost, but it does not. I do not get TOO_MANY_REQUESTS back at all.

zuul:
  ratelimit:
    enabled: true
    repository: jpa # or any other you prefer
    default-policy-list: 
      - limit: 99999999 # any high-volume to cover your specific use case
        refresh-interval: 5 # in seconds
        type: 
          - origin=169.0.0.1 # I set a junk IP here to verify if 127.0.0.1 is blocked or not with 429 response
      - limit: 1 # request number limit for every other origin
        refresh-interval: 5 #default value (in seconds)

Can you share a sample application reproducing the error?

Thanks - Kindly review and let me know.
zuulratelimiter.zip

Run: http://localhost:8080/greeting/simple

Please change to - origin=127.0.0.1 too and try as well (does not seem to work as expected).

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 1 day
