Kong gateway rate-limiting plugin.
Rate-limit rules can be set per year, month, day, hour, minute, and second, and multiple limits take effect at the same time.
For example, no more than 10 calls per day, no more than 3 times per minute.
When there are more than 3 visits in a minute, an error will be reported on the fourth time.
When the number of visits exceeds 10 times in a day, an error will be reported on the eleventh time.
Scenario: I need to limit an API so that a single IP can request it only 3 times per minute. With the plug-in enabled, accessing the Kong gateway directly by IP works as expected. However, there is an nginx load balancer in front of Kong, so the IP that Kong obtains is always the private IP of the nginx machine. As a result, all IPs together can access the API only 3 times per minute, instead of each single IP being allowed 3 requests per minute.
As shown in the figure below, once the interface has been requested 3 times in a minute, all visitors are rejected.
I installed the http-log plugin to record the request and the corresponding information, so that we can debug it.
Since Kong is not obtaining the client IP address correctly, how can I correct this problem?
Solution
Modify the Kong configuration file, /etc/kong/kong.conf, and add:
trusted_ips = 0.0.0.0/0,::/0
real_ip_header = X-Forwarded-For
Finally, restart Kong with the command: kong restart
trusted_ips
Defines blocks of trusted IP addresses that are known to send correct X-Forwarded-* headers. Requests from trusted IPs make Kong forward their X-Forwarded-* headers upstream. Requests from untrusted IPs make Kong insert its own X-Forwarded-* headers.
This property also sets the set_real_ip_from directive in the Nginx configuration. It accepts the same type of values (CIDR blocks), but as a comma-separated list.
To trust all /!\ IPs, set this value to 0.0.0.0/0,::/0.
If the special value unix: is specified, all UNIX domain sockets will be trusted.
Reference documentation: https://docs.konghq.com/0.14.x/configuration/#trusted_ips
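To see which address ends up as the rate-limit key under different trusted_ips values, here is a small model of the documented nginx realip rule that trusted_ips and real_ip_header configure. It is an added example, not Kong's code. The addresses, the TRUST_PROXY value and the function names are assumptions made for illustration, and the recursive branch goes slightly beyond the page by also modelling real_ip_recursive.

```python
import ipaddress

def resolve_client_ip(peer, xff, trusted_ips, recursive=False):
    """Model of the nginx realip rule behind trusted_ips / real_ip_header.

    peer: address of the TCP peer connecting to Kong
    xff: X-Forwarded-For header value, or None
    trusted_ips: comma-separated CIDR list as written in kong.conf
    recursive: models real_ip_recursive (assumed off, the default)
    """
    nets = [ipaddress.ip_network(c.strip())
            for c in trusted_ips.split(",") if c.strip()]

    def trusted(addr):
        ip = ipaddress.ip_address(addr)
        return any(ip.version == n.version and ip in n for n in nets)

    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    # The header is honoured only when the connecting peer is trusted.
    if not hops or not trusted(peer):
        return peer
    if not recursive:
        return hops[-1]              # last address in the header
    for hop in reversed(hops):       # last non-trusted address
        if not trusted(hop):
            return hop
    return hops[0]                   # every hop trusted: leftmost address

NGINX = "10.0.0.5"                   # constructed: private IP of the nginx proxy
TRUST_ALL = "0.0.0.0/0,::/0"         # setting used on this page
TRUST_PROXY = "10.0.0.5/32"          # assumption: trust only the nginx proxy

def rate_limit_keys():
    """Address Kong would count against the limit, per constructed request."""
    return {
        # Before the fix: nothing trusted, every client is keyed on nginx.
        "via_nginx_no_trust": resolve_client_ip(NGINX, "203.0.113.7", ""),
        # After the fix: the address nginx put in the header is used.
        "via_nginx_trust_all": resolve_client_ip(NGINX, "203.0.113.7", TRUST_ALL),
        "via_nginx_trust_proxy": resolve_client_ip(NGINX, "203.0.113.7", TRUST_PROXY),
        # A peer other than nginx that sets the header itself:
        "direct_trust_all": resolve_client_ip("198.51.100.9", "192.0.2.44", TRUST_ALL),
        "direct_trust_proxy": resolve_client_ip("198.51.100.9", "192.0.2.44", TRUST_PROXY),
    }

if __name__ == "__main__":
    for name, key in rate_limit_keys().items():
        print(f"{name:24} -> {key}")
```

With 0.0.0.0/0,::/0 the header value from any connecting peer becomes the key, so the per-IP limit is only as reliable as that header. Restricting trusted_ips to the nginx proxy's address gives the same result for traffic through nginx while keying every other peer on its own connection address.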
After the modification is completed, Kong can correctly obtain the client IP address, as shown in the figure below:
(End)