Response Rate Limiting

Overview Examples Configuration reference Changelog

Configuration

configobject

Hide Child Parameters

block_on_first_violationboolean

A boolean value that determines if the requests should be blocked as soon as one limit is being exceeded. This will block requests that are supposed to consume other limits too.

Default:false

fault_tolerantboolean

A boolean value that determines if the requests should be proxied even if Kong has troubles connecting a third-party datastore. If true, requests will be proxied anyway, effectively disabling the rate-limiting function until the datastore is working again. If false, then the clients will see 500 errors.

Default:true

header_namestring

The name of the response header used to increment the counters.

Default:x-kong-limit

hide_client_headersboolean

Optionally hide informative response headers.

Default:false

limit_bystring

The entity that will be used when aggregating the limits: consumer, credential, ip. If the consumer or the credential cannot be determined, the system will always fallback to ip.

Allowed values:consumercredentialip

Default:consumer

limitsobject

A map that defines rate limits for the plugin.

>= 1 characters

* Additional properties are allowed.

policystring

The rate-limiting policies to use for retrieving and incrementing the limits.

Allowed values:clusterlocalredis

Default:local

redisobject

Redis configuration

Hide Child Parameters

databaseinteger

Database to use for the Redis connection when using the redis strategy

Default:0

hoststring

A string representing a host name, such as example.com.

passwordstring

Password to use for Redis connections. If undefined, no AUTH commands are sent to Redis.
This field is encrypted.
This field is referenceable.

>= 0 characters

portinteger

An integer representing a port number between 0 and 65535, inclusive.

Default:6379

>= 0<= 65535

server_namestring

A string representing an SNI (server name indication) value for TLS.

sslboolean

If set to true, uses SSL to connect to Redis.

Default:false

ssl_verifyboolean

If set to true, verifies the validity of the server SSL certificate. If setting this parameter, also configure lua_ssl_trusted_certificate in kong.conf to specify the CA (or server) certificate used by your Redis server. You may also need to configure lua_ssl_verify_depth accordingly.

Default:false

timeoutinteger

An integer representing a timeout in milliseconds. Must be between 0 and 2^31-2.

Default:2000

>= 0<= 2147483646

usernamestring

Username to use for Redis connections. If undefined, ACL authentication won’t be performed. This requires Redis v6.0.0+. To be compatible with Redis v5.x.y, you can set it to default.
This field is referenceable.

consumerobject

If set, the plugin will activate only for requests where the specified has been authenticated. (Note that some plugins can not be restricted to consumers this way.). Leave unset for the plugin to activate regardless of the authenticated Consumer.

* Additional properties are NOT allowed.

Hide Child Parameters

idstring

protocolsarray[string]

A set of strings representing HTTP protocols.

Allowed values:grpcgrpcshttphttps

Default:grpc, grpcs, http, https

routeobject

If set, the plugin will only activate when receiving requests via the specified route. Leave unset for the plugin to activate regardless of the route being used.

* Additional properties are NOT allowed.

Hide Child Parameters

idstring

serviceobject

If set, the plugin will only activate when receiving requests via one of the routes belonging to the specified Service. Leave unset for the plugin to activate regardless of the Service being matched.

* Additional properties are NOT allowed.

Hide Child Parameters

idstring

Response Rate Limiting

Configuration

Did this doc help?

Help us make these docs great!

Still need help