Rate limit

v2 API reference
This filter should be configured with the name envoy.rate_limit.

If the rate limit service is called, and the response for any of the descriptors is over limit, a 429 response is returned. The rate limit filter also sets the header.

If there is an error in calling rate limit service or rate limit service returns an error and failure_mode_deny is set to true, a 500 response is returned.

Each on the route or virtual host populates a descriptor entry. A vector of descriptor entries compose a descriptor. To create more complex rate limit descriptors, actions can be composed in any order. The descriptor will be populated in the order the actions are specified in the configuration.

For example, to generate the following descriptor:

The configuration would be:

Example 2

For the following configuration:

If a request did not set , no descriptor is generated.

If a request sets x-forwarded-for, the the following descriptor is generated:

The buffer filter outputs statistics in the cluster..ratelimit. namespace. 429 responses are emitted to the normal cluster .

The HTTP rate limit filter supports the following runtime settings:

% of requests that will call the rate limit service. Defaults to 100.

ratelimit.http_filter_enforcing

% of requests that will call the rate limit service and enforce the decision. Defaults to 100. This can be used to test what would happen before fully enforcing the outcome.

ratelimit..http_filter_enabled

% of requests that will call the rate limit service for a given route_key specified in the rate limit configuration. Defaults to 100.