Before you begin

  1. Follow the Get started guide to install Gloo Gateway, set up a gateway resource, and deploy the httpbin sample app.

  2. Get the external address of the gateway and save it in an environment variable.

Request headers

You can rate limit requests based on certain request headers.

  1. Create a RateLimitConfig to define your rate limiting rules. In the following example, you create a policy that rate limits requests to one request per minute for requests with an x-type header.

      kubectl apply -f - <<EOF
    apiVersion: ratelimit.solo.io/v1alpha1
    kind: RateLimitConfig
    metadata:
      name: ratelimit-config
      namespace: gloo-system
    spec:
      raw:
        setDescriptors:
        - simpleDescriptors:
          - key: type
            value: 
          rateLimit:
            requestsPerUnit: 1
            unit: MINUTE
        rateLimits:
          - setActions:
            - requestHeaders:
                descriptorKey: type
                headerName: x-type
    EOF
      
  2. Create a RouteOption resource that references the RateLimitConfig that you created.

      kubectl apply -f- <<EOF
    apiVersion: gateway.solo.io/v1
    kind: RouteOption
    metadata:
      name: ratelimit
      namespace: httpbin
    spec:
      options:
        rateLimitConfigs:
          refs:
          - name: ratelimit-config
            namespace: gloo-system
    EOF
      
  3. Create an HTTPRoute resource for the httpbin app that applies the RouteOption resources that you created and rate limits requests on the ratelimit.example domain.

      kubectl apply -f- <<EOF
    apiVersion: gateway.networking.k8s.io/v1
    kind: HTTPRoute
    metadata:
      name: httpbin-ratelimit
      namespace: httpbin
    spec:
      parentRefs:
      - name: http
        namespace: gloo-system
      hostnames:
        - ratelimit.example
      rules:
        - filters:
            - type: ExtensionRef
              extensionRef:
                group: gateway.solo.io
                kind: RouteOption
                name: ratelimit
          backendRefs:
            - name: httpbin
              port: 8000
    EOF
      
  4. Send a few requests to the httpbin app on the ratelimit.example domain. Verify that your first request succeeds and you get back a 200 HTTP response code. Because you limited requests to one request per minute, subsequent requests within the same minute fail with a 429 HTTP response code.

    Example output for a successful response:

      * Mark bundle as not supporting multiuse
    < HTTP/1.1 200 OK
    < access-control-allow-credentials: true
    < access-control-allow-origin: *
    < date: Mon, 22 Apr 2024 18:36:31 GMT
    < content-length: 0
    < x-envoy-upstream-service-time: 0
    < server: envoy
      

    Example output when rate limited:

      * Mark bundle as not supporting multiuse
    < HTTP/1.1 429 Too Many Requests
    < x-envoy-ratelimited: true
    < date: Mon, 22 Apr 2024 18:33:09 GMT
    < server: envoy
    < content-length: 0
      
  5. Change the RatelimitConfig resource to rate limit requests based on a specific header value. In the following example, the rate limiting rule is applied to the x-type: exact-value request header.

      kubectl apply -f - <<EOF
    apiVersion: ratelimit.solo.io/v1alpha1
    kind: RateLimitConfig
    metadata:
      name: ratelimit-config
      namespace: gloo-system
    spec:
      raw:
        setDescriptors:
        - simpleDescriptors:
          - key: type
            value: exact-value
          rateLimit:
            requestsPerUnit: 1
            unit: MINUTE
        rateLimits:
          - setActions:
            - requestHeaders:
                descriptorKey: type
                headerName: x-type
    EOF
      
  6. Send a few requests to the httpbin app on the ratelimit.example domain and include the x-type: mytype request header. Verify that your requests succeed and no rate limiting rules are applied

    Example output for a successful response:

      * Mark bundle as not supporting multiuse
    < HTTP/1.1 200 OK
    < access-control-allow-credentials: true
    < access-control-allow-origin: *
    < date: Mon, 22 Apr 2024 18:36:31 GMT
    < content-length: 0
    < x-envoy-upstream-service-time: 0
    < server: envoy
      
  7. Send a few more requests to the httpbin app. This time, include the x-type: exact-value request header. Verify that the first request succeeds, but subsequent requests are rate limited.

    Example output for a successful response:

      * Mark bundle as not supporting multiuse
    < HTTP/1.1 200 OK
    < access-control-allow-credentials: true
    < access-control-allow-origin: *
    < date: Mon, 22 Apr 2024 18:36:31 GMT
    < content-length: 0
    < x-envoy-upstream-service-time: 0
    < server: envoy
      

    Example output when rate limited:

      * Mark bundle as not supporting multiuse
    < HTTP/1.1 429 Too Many Requests
    < x-envoy-ratelimited: true
    < date: Mon, 22 Apr 2024 18:33:09 GMT
    < server: envoy
    < content-length: 0
      
  8. Optional: Remove the resources that you created in this guide.

      kubectl delete ratelimitconfig ratelimit-config -n gloo-system
    kubectl delete routeoption ratelimit -n httpbin
    kubectl delete httproute httpbin-ratelimit -n httpbin