Rate Limiting Configuration

You are browsing documentation for an outdated plugin version.

Configuration

This plugin is partially compatible with DB-less mode.

The plugin will run fine with the local policy (which doesn’t use the database) or the redis policy (which uses an independent Redis, so it is compatible with DB-less).

The plugin will not work with the cluster policy, which requires writes to the database.

Compatible protocols

The Rate Limiting plugin is compatible with the following protocols:

grpc, grpcs, http, https

Parameters

Here's a list of all the parameters which can be used in this plugin's configuration:

• name or plugin

  string required

  The name of the plugin, in this case rate-limiting.

  • If using the Kong Admin API, Konnect API, declarative configuration, or decK files, the field is name.
  • If using the KongPlugin object in Kubernetes, the field is plugin.

• instance_name

  string

  An optional custom name to identify an instance of the plugin, for example rate-limiting_my-service.

  The instance name shows up in Kong Manager and in Konnect, so it's useful when running the same plugin in multiple contexts, for example, on multiple services. You can also use it to access a specific plugin instance via the Kong Admin API.

  An instance name must be unique within the following context:

  • Within a workspace for Kong Gateway Enterprise
  • Within a control plane or control plane group for Konnect
  • Globally for Kong Gateway (OSS)

• service.name or service.id

  string

  The name or ID of the service the plugin targets. Set one of these parameters if adding the plugin to a service through the top-level /plugins endpoint. Not required if using /services/{serviceName|Id}/plugins.

• route.name or route.id

  string

  The name or ID of the route the plugin targets. Set one of these parameters if adding the plugin to a route through the top-level /plugins endpoint. Not required if using /routes/{routeName|Id}/plugins.

• consumer.name or consumer.id

  string

  The name or ID of the consumer the plugin targets. Set one of these parameters if adding the plugin to a consumer through the top-level /plugins endpoint. Not required if using /consumers/{consumerName|Id}/plugins.

• enabled

  boolean default: true

  Whether this plugin will be applied.

• config

  record required
  • second

    number

    The number of HTTP requests that can be made per second.

  • minute

    number

    The number of HTTP requests that can be made per minute.

  • hour

    number

    The number of HTTP requests that can be made per hour.

  • day

    number

    The number of HTTP requests that can be made per day.

  • month

    number

    The number of HTTP requests that can be made per month.

  • year

    number

    The number of HTTP requests that can be made per year.

  • limit_by

    string default: consumer Must be one of: consumer, credential, ip, service, header, path

    The entity that is used when aggregating the limits.

  • header_name

    string

    A string representing an HTTP header name.

  • path

    string starts_with: /

    A string representing a URL path, such as /path/to/resource. Must start with a forward slash (/) and must not contain empty segments (i.e., two consecutive forward slashes).

  • policy

    string default: local len_min: 0 Must be one of: local, cluster, redis

    The rate-limiting policies to use for retrieving and incrementing the limits.

  • fault_tolerant

    boolean required default: true

    A boolean value that determines if the requests should be proxied even if Kong has troubles connecting a third-party data store. If true, requests will be proxied anyway, effectively disabling the rate-limiting function until the data store is working again. If false, then the clients will see 500 errors.

  • redis_host

    string

    A string representing a host name, such as example.com.

  • redis_port

    integer default: 6379 between: 0 65535

    An integer representing a port number between 0 and 65535, inclusive.

  • redis_password

    string referenceable len_min: 0

    When using the redis policy, this property specifies the password to connect to the Redis server.

  • redis_username

    string referenceable

    When using the redis policy, this property specifies the username to connect to the Redis server when ACL authentication is desired.

  • redis_ssl

    boolean required default: false

    When using the redis policy, this property specifies if SSL is used to connect to the Redis server.

  • redis_ssl_verify

    boolean required default: false

    When using the redis policy with redis_ssl set to true, this property specifies it server SSL certificate is validated. Note that you need to configure the lua_ssl_trusted_certificate to specify the CA (or server) certificate used by your Redis server. You may also need to configure lua_ssl_verify_depth accordingly.

  • redis_server_name

    string

    A string representing an SNI (server name indication) value for TLS.

  • redis_timeout

    number default: 2000

    When using the redis policy, this property specifies the timeout in milliseconds of any command submitted to the Redis server.

  • redis_database

    integer default: 0

    When using the redis policy, this property specifies the Redis database to use.

  • hide_client_headers

    boolean required default: false

    Optionally hide informative response headers.

  • error_code

    number default: 429

    Set a custom error code to return when the rate limit is exceeded.

  • error_message

    string default: API rate limit exceeded

    Set a custom error message to return when the rate limit is exceeded.

  • sync_rate

    number required default: -1

    How often to sync counter data to the central data store. A value of -1 results in synchronous behavior.