# RateLimit
To Control the Number of Requests Going to a Service
{: .subtitle }
The RateLimit middleware ensures that services will receive a _fair_ number of requests, and allows you to define what is fair.
## Configuration Example
```yaml tab="Docker"
# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
  - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50"
```
```yaml tab="Kubernetes"
# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: test-ratelimit
spec:
  rateLimit:
    average: 100
    burst: 50
```
```json tab="Marathon"
"labels": {
  "traefik.http.middlewares.test-ratelimit.ratelimit.average": "100",
  "traefik.http.middlewares.test-ratelimit.ratelimit.burst": "50"
}
```
```yaml tab="Rancher"
# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
  - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50"
```
```toml tab="File (TOML)"
# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
[http.middlewares]
  [http.middlewares.test-ratelimit.rateLimit]
    average = 100
    burst = 50
```
```yaml tab="File (YAML)"
# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
http:
  middlewares:
    test-ratelimit:
      rateLimit:
        average: 100
        burst: 50
```
## Configuration Options
### `average`
Average is the maximum rate, in requests/s, allowed for the given source.
It defaults to 0, which means no rate limiting.
```yaml tab="Docker"
labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: test-ratelimit
spec:
  rateLimit:
    average: 100
```
```json tab="Marathon"
"labels": {
  "traefik.http.middlewares.test-ratelimit.ratelimit.average": "100"
}
```
```yaml tab="Rancher"
labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
```
```toml tab="File (TOML)"
[http.middlewares]
  [http.middlewares.test-ratelimit.rateLimit]
    average = 100
```
```yaml tab="File (YAML)"
http:
  middlewares:
    test-ratelimit:
      rateLimit:
        average: 100
```
### `burst`
Burst is the maximum number of requests allowed to go through in the same arbitrarily small period of time.
It defaults to 1.
```yaml tab="Docker"
labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=100"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: test-ratelimit
spec:
  rateLimit:
    burst: 100
```
```json tab="Marathon"
"labels": {
  "traefik.http.middlewares.test-ratelimit.ratelimit.burst": "100"
}
```
```yaml tab="Rancher"
labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=100"
```
```toml tab="File (TOML)"
[http.middlewares]
  [http.middlewares.test-ratelimit.rateLimit]
    burst = 100
```
```yaml tab="File (YAML)"
http:
  middlewares:
    test-ratelimit:
      rateLimit:
        burst: 100
```
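
How `average` and `burst` interact, as an added Go example that is not Traefik's code: it assumes token-bucket semantics (a bucket of `burst` tokens refilled at `average` tokens per second, one bucket per source) and uses the values 100 and 50 from the configuration example. The `limiter`, `bucket`, `allow` and `admitted` names are hypothetical.

```go
package main

import "fmt"

// Token-bucket model of average/burst: assumed semantics, not Traefik's code.
type bucket struct{ tokens, lastMs float64 } // one source's tokens and last request time (ms)

type limiter struct {
	average, burst float64            // refill rate in requests/s, bucket capacity
	sources        map[string]*bucket // one bucket per sourceCriterion value
}

// allow reports whether a request from source arriving at nowMs is let through.
func (l *limiter) allow(source string, nowMs float64) bool {
	if l.average == 0 {
		return true // 0 means no rate limiting
	}
	b := l.sources[source]
	if b == nil {
		b = &bucket{l.burst, nowMs} // a new source starts with a full bucket
		l.sources[source] = b
	}
	b.tokens += (nowMs - b.lastMs) * l.average / 1000 // refill since the last request
	if b.tokens > l.burst {
		b.tokens = l.burst // idle time never buys more than one burst
	}
	b.lastMs = nowMs
	if b.tokens < 1 {
		return false
	}
	b.tokens--
	return true
}

// admitted counts how many of n simultaneous requests from source get through.
func admitted(l *limiter, source string, n int, nowMs float64) (count int) {
	for i := 0; i < n; i++ {
		if l.allow(source, nowMs) {
			count++
		}
	}
	return count
}

func main() {
	l := &limiter{average: 100, burst: 50, sources: map[string]*bucket{}}
	fmt.Println(admitted(l, "10.0.0.1", 200, 0), admitted(l, "10.0.0.1", 200, 100))
}
```

With these settings a source that sends 200 requests at once gets 50 through, and 100 ms later only the 10 tokens refilled in the meantime; other sources are unaffected because each has its own bucket.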
### `sourceCriterion`
SourceCriterion defines what criterion is used to group requests as originating from a common source.
The precedence order is `ipStrategy`, then `requestHeaderName`, then `requestHost`.
If none are set, the default is to use the request's remote address field (as an `ipStrategy`).
#### `sourceCriterion.ipStrategy`
The `ipStrategy` option defines two parameters that set how Traefik will determine the client IP: `depth` and `excludedIPs`.
##### `ipStrategy.depth`
The `depth` option tells Traefik to use the `X-Forwarded-For` header and take the IP located at the `depth` position (starting from the right).
- If `depth` is greater than the total number of IPs in `X-Forwarded-For`, then the client IP will be empty.
- `depth` is ignored if its value is less than or equal to 0.

!!! example "Example of Depth & X-Forwarded-For"

    If `depth` was equal to 2, and the request `X-Forwarded-For` header was `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP would be `"10.0.0.1"` (at depth 4) but the IP used as the criterion would be `"12.0.0.1"` (`depth=2`).

    | `X-Forwarded-For`                       | `depth` | clientIP     |
    |-----------------------------------------|---------|--------------|
    | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `1`     | `"13.0.0.1"` |
    | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `3`     | `"11.0.0.1"` |
    | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5`     | `""`         |

##### `ipStrategy.excludedIPs`
```yaml tab="Docker"
labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: test-ratelimit
spec:
  rateLimit:
    sourceCriterion:
      ipStrategy:
        excludedIPs:
        - 127.0.0.1/32
        - 192.168.1.7
```
```yaml tab="Rancher"
labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
```json tab="Marathon"
"labels": {
  "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
}
```
```toml tab="File (TOML)"
[http.middlewares]
  [http.middlewares.test-ratelimit.rateLimit]
    [http.middlewares.test-ratelimit.rateLimit.sourceCriterion.ipStrategy]
      excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
```yaml tab="File (YAML)"
http:
  middlewares:
    test-ratelimit:
      rateLimit:
        sourceCriterion:
          ipStrategy:
            excludedIPs:
            - "127.0.0.1/32"
            - "192.168.1.7"
```
`excludedIPs` tells Traefik to scan the `X-Forwarded-For` header and pick the first IP not in the list.
!!! important "If `depth` is specified, `excludedIPs` is ignored."
!!! example "Example of ExcludedIPs & X-Forwarded-For"

    | `X-Forwarded-For`                       | `excludedIPs`         | clientIP     |
    |-----------------------------------------|-----------------------|--------------|
    | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"12.0.0.1,13.0.0.1"` | `"11.0.0.1"` |
    | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,13.0.0.1"` | `"12.0.0.1"` |
    | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"10.0.0.1,13.0.0.1"` | `"12.0.0.1"` |
    | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,16.0.0.1"` | `"13.0.0.1"` |
    | `"10.0.0.1,11.0.0.1"`                   | `"10.0.0.1,11.0.0.1"` | `""`         |
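
The `depth` and `excludedIPs` rules above, modeled as an added Go example (not Traefik's source code) and checked against the rows of both tables. The function names, the parameter layout and the peer address `192.0.2.10` are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// clientIP models the documented ipStrategy rules; remote is the peer IP. Not Traefik's code.
func clientIP(xff, remote string, depth int, excluded []string) string {
	hops := strings.Split(xff, ",")
	if depth > 0 { // depth set: excludedIPs is ignored
		if depth > len(hops) {
			return "" // fewer hops than depth: empty client IP
		}
		return strings.TrimSpace(hops[len(hops)-depth]) // counted from the right
	}
	if len(excluded) == 0 {
		return remote // nothing configured: use the remote address
	}
	for i := len(hops) - 1; i >= 0; i-- { // scan from the right
		if hop := strings.TrimSpace(hops[i]); !isExcluded(hop, excluded) {
			return hop
		}
	}
	return "" // every hop is excluded
}

// isExcluded matches hop against entries written as a single IP or a CIDR.
// Assumption: a hop that is not a valid IP is treated as not excluded.
func isExcluded(hop string, excluded []string) bool {
	ip := net.ParseIP(hop)
	for _, e := range excluded {
		e = strings.TrimSpace(e)
		if x := net.ParseIP(e); x != nil && x.Equal(ip) {
			return true
		}
		if _, cidr, err := net.ParseCIDR(e); err == nil && ip != nil && cidr.Contains(ip) {
			return true
		}
	}
	return false
}

func main() {
	xff := "10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1" // header value from the tables above
	fmt.Println(clientIP(xff, "192.0.2.10", 2, nil))                              // depth=2
	fmt.Println(clientIP(xff, "192.0.2.10", 0, []string{"12.0.0.1", "13.0.0.1"})) // excludedIPs
}
```

Hops to the left of the ones your own proxies append are supplied by the client, so `depth` should match the number of trusted proxies in front of Traefik; a larger value keys the limiter on a value the client chooses.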
#### `sourceCriterion.requestHeaderName`
Requests having the same value for the given header are grouped as coming from the same source.
```yaml tab="Docker"
labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername=username"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: test-ratelimit
spec:
  rateLimit:
    sourceCriterion:
      requestHeaderName: username
```
```yaml tab="Rancher"
labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername=username"
```
```json tab="Marathon"
"labels": {
  "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername": "username"
}
```
```toml tab="File (TOML)"
[http.middlewares]
  [http.middlewares.test-ratelimit.rateLimit]
    [http.middlewares.test-ratelimit.rateLimit.sourceCriterion]
      requestHeaderName = "username"
```
```yaml tab="File (YAML)"
http:
  middlewares:
    test-ratelimit:
      rateLimit:
        sourceCriterion:
          requestHeaderName: username
```
#### `sourceCriterion.requestHost`
Whether to consider the request host as the source.
```yaml tab="Docker"
labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requesthost=true"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: test-ratelimit
spec:
  rateLimit:
    sourceCriterion:
      requestHost: true
```
```yaml tab="Rancher"
labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requesthost=true"
```
```json tab="Marathon"
"labels": {
  "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requesthost": "true"
}
```
```toml tab="File (TOML)"
[http.middlewares]
  [http.middlewares.test-ratelimit.rateLimit]
    [http.middlewares.test-ratelimit.rateLimit.sourceCriterion]
      requestHost = true
```
```yaml tab="File (YAML)"
http:
  middlewares:
    test-ratelimit:
      rateLimit:
        sourceCriterion:
          requestHost: true
```