gloo icon indicating copy to clipboard operation
gloo copied to clipboard

Published 20 hours ago verified publisher icon solo-io

Dynamic ratelimit values

Open asayah opened this issue 4 years ago • 3 comments

a common ask is to pass the values or the rate limit dynamically, for example, a call reaches the gateway and based on the identity of the user/ call a different or compute its quota, then this quota gets used for the rate-limiting.

asayah avatar May 05 '21 23:05 asayah

@antonioberben and @asayah we have a header that can be used to create a rule for every single thing that passes through. So what extra scope.

chrisgaun avatar Aug 06 '21 19:08 chrisgaun

@asayah @kevin-shelaga how do you feel about this being driven by a header on the request? It doesn't really make sense for clients to set the rate limit themselves, of course. I'm thinking more along the lines of users configure edge with transformations to set headers as part of request processing. This would allow the rate limiting to be driven off a dynamic value (from the header) and it leverages our existing support for header transformations, JWT processing claims to headers, etc.

To be clear, the above does not work today. I'm just floating this as a potential direction after discussing with a few folks.

kcbabo avatar Jun 03 '22 19:06 kcbabo

That's risky but fine imo, (ideal it would be in the metadatas) the scenario can be:

  • Request received
  • Do authn
  • Add a Plugin auth, and based on oidc group + Ip + something else set a header with RL values
  • RL based on the header values
  • Sanitize header

The idea would be to have a direct feedback from a potential user

asayah avatar Jun 03 '22 20:06 asayah

Fixed by https://github.com/solo-io/gloo-mesh-enterprise/issues/11512, closing.

DuncanDoyle avatar Dec 08 '23 12:12 DuncanDoyle