GraphQL Rate Limiting Advanced Configuration

Configuration

This plugin is partially compatible with DB-less mode.

The cluster strategy is not supported in DB-less and hybrid modes. For Kong Gateway in DB-less or hybrid mode, use the redis strategy.

Compatible protocols

The GraphQL Rate Limiting Advanced plugin is compatible with the following protocols:

grpc, grpcs, http, https

Parameters

Here's a list of all the parameters which can be used in this plugin's configuration:

• name

  string required

  The name of the plugin, in this case graphql-rate-limiting-advanced.

• instance_name

  string

  An optional custom name to identify an instance of the plugin, for example graphql-rate-limiting-advanced_my-service. Useful when running the same plugin in multiple contexts, for example, on multiple services.

• service.name or service.id

  string

  The name or ID of the service the plugin targets. Set one of these parameters if adding the plugin to a service through the top-level /plugins endpoint. Not required if using /services/SERVICE_NAME|ID/plugins.

• route.name or route.id

  string

  The name or ID of the route the plugin targets. Set one of these parameters if adding the plugin to a route through the top-level /plugins endpoint. Not required if using /routes/ROUTE_NAME|ID/plugins.

• consumer.name or consumer.id

  string

  The name or ID of the consumer the plugin targets. Set one of these parameters if adding the plugin to a consumer through the top-level /plugins endpoint. Not required if using /consumers/CONSUMER_NAME|ID/plugins.

• enabled

  boolean default: true

  Whether this plugin will be applied.

• config

  record required
  • identifier

    string required default: consumer Must be one of: ip, credential, consumer

    How to define the rate limit key. Can be ip, credential, consumer.

  • window_size

    array of type number required

    One or more window sizes to apply a limit to (defined in seconds).

  • window_type

    string default: sliding Must be one of: fixed, sliding

    Sets the time window to either sliding or fixed.

  • limit

    array of type number required

    One or more requests-per-window limits to apply.

  • sync_rate

    number required

    How often to sync counter data to the central data store. A value of 0 results in synchronous behavior; a value of -1 ignores sync behavior entirely and only stores counters in node memory. A value greater than 0 syncs the counters in that many number of seconds.

  • namespace

    string

    The rate limiting library namespace to use for this plugin instance. NOTE: For the plugin instances sharing the same namespace, all the configurations that are required for synchronizing counters, e.g. strategy, redis, sync_rate, window_size, dictionary_name, need to be the same.

  • strategy

    string required default: cluster Must be one of: cluster, redis

    The rate-limiting strategy to use for retrieving and incrementing the limits.

  • dictionary_name

    string required default: kong_rate_limiting_counters

    The shared dictionary where counters will be stored until the next sync cycle.

  • hide_client_headers

    boolean default: false

    Optionally hide informative response headers. Available options: true or false.

  • cost_strategy

    string default: default Must be one of: default, node_quantifier

    Strategy to use to evaluate query costs. Either default or node_quantifier.

  • score_factor

    number default: 1

    A scoring factor to multiply (or divide) the cost. The score_factor must always be greater than 0.

  • max_cost

    number default: 0

    A defined maximum cost per query. 0 means unlimited.

  • redis

    record required
    • host

      string

      A string representing a host name, such as example.com.

    • port

      integer between: 0 65535

      An integer representing a port number between 0 and 65535, inclusive.

    • timeout

      integer default: 2000 between: 0 2147483646

      An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.

    • connect_timeout

      integer between: 0 2147483646

      An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.

    • send_timeout

      integer between: 0 2147483646

      An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.

    • read_timeout

      integer between: 0 2147483646

      An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.

    • username

      string referenceable

      Username to use for Redis connections. If undefined, ACL authentication won’t be performed. This requires Redis v6.0.0+. The username cannot be set to default.

    • password

      string referenceable encrypted

      Password to use for Redis connections. If undefined, no AUTH commands are sent to Redis.

    • sentinel_username

      string referenceable

      Sentinel username to authenticate with a Redis Sentinel instance. If undefined, ACL authentication won’t be performed. This requires Redis v6.2.0+.

    • sentinel_password

      string referenceable encrypted

      Sentinel password to authenticate with a Redis Sentinel instance. If undefined, no AUTH commands are sent to Redis Sentinels.

    • database

      integer default: 0

      Database to use for the Redis connection when using the redis strategy

    • keepalive_pool_size

      integer default: 256 between: 1 2147483646

      The size limit for every cosocket connection pool associated with every remote server, per worker process. If neither keepalive_pool_size nor keepalive_backlog is specified, no pool is created. If keepalive_pool_size isn’t specified but keepalive_backlog is specified, then the pool uses the default value. Try to increase (e.g. 512) this value if latency is high or throughput is low.

    • keepalive_backlog

      integer between: 0 2147483646

      Limits the total number of opened connections for a pool. If the connection pool is full, connection queues above the limit go into the backlog queue. If the backlog queue is full, subsequent connect operations fail and return nil. Queued operations (subject to set timeouts) resume once the number of connections in the pool is less than keepalive_pool_size. If latency is high or throughput is low, try increasing this value. Empirically, this value is larger than keepalive_pool_size.

    • sentinel_master

      string

      Sentinel master to use for Redis connections. Defining this value implies using Redis Sentinel.

    • sentinel_role

      string Must be one of: master, slave, any

      Sentinel role to use for Redis connections when the redis strategy is defined. Defining this value implies using Redis Sentinel.

    • sentinel_addresses

      array of type string len_min: 1

      Sentinel addresses to use for Redis connections when the redis strategy is defined. Defining this value implies using Redis Sentinel. Each string element must be a hostname. The minimum length of the array is 1 element.

    • cluster_addresses

      array of type string len_min: 1

      Cluster addresses to use for Redis connections when the redis strategy is defined. Defining this value implies using Redis Cluster. Each string element must be a hostname. The minimum length of the array is 1 element.

    • ssl

      boolean default: false

      If set to true, uses SSL to connect to Redis.

    • ssl_verify

      boolean default: false

      If set to true, verifies the validity of the server SSL certificate. If setting this parameter, also configure lua_ssl_trusted_certificate in kong.conf to specify the CA (or server) certificate used by your Redis server. You may also need to configure lua_ssl_verify_depth accordingly.

    • server_name

      string

      A string representing an SNI (server name indication) value for TLS.