- Function Description
- Runtime Attributes
- Configuration Description
- Configuration Examples
- Identify request parameter apikey for differentiated rate limiting
- Identify request header x-ca-key for differentiated rate limiting
- Get the peer IP using the request header x-forwarded-for for differentiated rate limiting
- Identify consumer for differentiated rate limiting
- Identify key-value pairs in cookies for differentiated rate limiting
Function Description
The ai-token-ratelimit
plugin implements token rate limiting based on specific key values. The key values can come from URL parameters, HTTP request headers, client IP addresses, consumer names, or key names in cookies.
Notice
For this plugin to function, the AI Observability Plugin must also be enabled to achieve token count statistics.
Runtime Attributes
Plugin execution phase: default phase
Plugin execution priority: 600
Configuration Description
Configuration Item | Type | Required | Default Value | Description |
---|---|---|---|---|
rule_name | string | Yes | - | Name of the rate limiting rule, used to assemble the redis key based on the rule name + rate limiting type + rate limiting key name + actual value corresponding to the rate limiting key |
rule_items | array of object | Yes | - | Rate limiting rule items. After matching the first rule_item, subsequent rules will be ignored based on the order in rule_items |
rejected_code | int | No | 429 | The HTTP status code returned when the request is rate limited |
rejected_msg | string | No | Too many requests | The response body returned when the request is rate limited |
redis | object | Yes | - | Redis related configuration |
Field descriptions for each item in rule_items
Configuration Item | Type | Required | Default Value | Description |
---|---|---|---|---|
limitby_header | string | No, optionally select one in limit_by | - | Configure the source HTTP header name for obtaining the rate limiting key value |
limitby_param | string | No, optionally select one in limit_by | - | Configure the source URL parameter name for obtaining the rate limiting key value |
limitby_consumer | string | No, optionally select one in limit_by | - | Rate limit by consumer name, no actual value needs to be added |
limitby_cookie | string | No, optionally select one in limit_by | - | Configure the source key name in cookies for obtaining the rate limiting key value |
limitby_per_header | string | No, optionally select one in limit_by | - | Match specific HTTP request headers according to rules and calculate rate limiting separately for each header. Configure the source HTTP header name for obtaining the rate limiting key value. Supports regular expressions or when configuring limitkeys |
limit_by_per_param | string | No, optionally select one in limit_by | - | Match specific URL parameters according to rules and calculate rate limiting separately for each parameter. Configure the source URL parameter name for obtaining the rate limiting key value. Supports regular expressions or when configuring limitkeys |
limit_by_per_consumer | string | No, optionally select one in limit_by | - | Match specific consumers according to rules and calculate rate limiting separately for each consumer. Rate limit by consumer name, no actual value needs to be added. Supports regular expressions or when configuring limitkeys |
limit_by_per_cookie | string | No, optionally select one in limit_by | - | Match specific cookies according to rules and calculate rate limiting separately for each cookie. Configure the source key name in cookies for obtaining the rate limiting key value. Supports regular expressions or when configuring limitkeys |
limit_by_per_ip | string | No, optionally select one in limit_by* | - | Match specific IPs according to rules and calculate rate limiting separately for each IP. Configure the source IP parameter name for obtaining the rate limiting key value from request headers, from-header-<header name> , such as from-header-x-forwarded-for . Directly get the remote socket IP by configuring from-remote-addr |
limit_keys | array of object | Yes | - | Configure the number of rate limit requests after matching keys |
Field descriptions for each item in limit_keys
Configuration Item | Type | Required | Default Value | Description |
---|---|---|---|---|
key | string | Yes | - | Matched key value. Types limit_by_per_header , limit_by_per_param , limit_by_per_consumer , limit_by_per_cookie support configuring regular expressions (beginning with regexp: followed by the regex) or (representing all). Example regex: regexp:^d. (all strings starting with d); limit_by_per_ip supports configuring IP addresses or IP segments |
token_per_second | int | No, optionally select one in token_per_second , token_per_minute , token_per_hour , token_per_day | - | Allowed number of token requests per second |
token_per_minute | int | No, optionally select one in token_per_second , token_per_minute , token_per_hour , token_per_day | - | Allowed number of token requests per minute |
token_per_hour | int | No, optionally select one in token_per_second , token_per_minute , token_per_hour , token_per_day | - | Allowed number of token requests per hour |
token_per_day | int | No, optionally select one in token_per_second , token_per_minute , token_per_hour , token_per_day | - | Allowed number of token requests per day |
Field descriptions for each item in redis
Configuration Item | Type | Required | Default Value | Description |
---|---|---|---|---|
service_name | string | Required | - | Full FQDN name of the redis service, including service type, e.g., my-redis.dns, redis.my-ns.svc.cluster.local |
service_port | int | No | Default value for static addresses (static service) is 80; otherwise, it is 6379 | Input the service port of the redis service |
username | string | No | - | Redis username |
password | string | No | - | Redis password |
timeout | int | No | 1000 | Redis connection timeout in milliseconds |