krakend-ratelimit

Rate limiting issue with CORS plugin?

Open · Arsnael opened this issue 3 years ago · 1 comment

Hello!

When using the CORS plugin github.com/devopsfaith/krakend-cors:

"github.com/devopsfaith/krakend-cors": {
  "allow_origins": ["*"],
  "expose_headers": ["Content-Length"],
  "max_age": "12h",
  "allow_methods": ["GET","POST","PUT"]
}

With the rate limiting defined in a POST endpoint and the header strategy:

"extra_config": {
  "github.com/devopsfaith/krakend-ratelimit/juju/router": {
    "maxRate": 1000,
    "clientMaxRate": 100,
    "strategy": "header",
    "key": "Authorization"
  }
}

When trying to do a CORS request towards the endpoint, I get an "Error #01: ERROR: rate limit exceded" and a 409 in the krakend logs, and of course the request fails. It seems to only happen for client max rate with the header strategy, though. When I switch the strategy to ip, it works fine.

Any idea?

Arsnael avatar Nov 26 '21 09:11 Arsnael
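One mechanism consistent with the report above, added here as an illustration (this is not krakend-ratelimit's code and does not confirm how the plugin handles this case): a browser sends the CORS preflight OPTIONS request without credentials or custom headers, so the preflight never carries the Authorization header, and a per-client limiter keyed on that header puts every preflight from every client into one shared bucket. The simulation below uses a minimal token bucket of its own plus the two key functions named in the issue (header and ip); the headerOrIPKey fallback, the burst of 3, the client IPs and the bearer tokens are assumptions for the example. Whether the real plugin pools an empty key into one bucket or rejects it outright is not shown on this page; the simulation assumes the pooled case.

```go
package main

import (
	"fmt"
	"math"
	"net"
	"net/http"
	"net/http/httptest"
	"sync"
	"time"
)

// keyLimiter is a minimal per-key token bucket. It stands in for the per-client
// limiter the router plugin keeps; it is an illustration, not krakend code.
type keyLimiter struct {
	mu      sync.Mutex
	rate    float64 // refill, tokens per second
	burst   float64 // bucket capacity
	buckets map[string]*bucket
	now     func() time.Time
}

type bucket struct {
	tokens float64
	last   time.Time
}

func newKeyLimiter(rate, burst float64, now func() time.Time) *keyLimiter {
	return &keyLimiter{rate: rate, burst: burst, buckets: map[string]*bucket{}, now: now}
}

// Allow spends one token from the bucket that belongs to key, creating it full on first use.
func (l *keyLimiter) Allow(key string) bool {
	l.mu.Lock()
	defer l.mu.Unlock()
	t := l.now()
	b, ok := l.buckets[key]
	if !ok {
		b = &bucket{tokens: l.burst, last: t}
		l.buckets[key] = b
	}
	b.tokens = math.Min(l.burst, b.tokens+t.Sub(b.last).Seconds()*l.rate)
	b.last = t
	if b.tokens < 1 {
		return false
	}
	b.tokens--
	return true
}

// headerKey and ipKey mirror the two strategies discussed in the issue.
func headerKey(r *http.Request) string { return r.Header.Get("Authorization") }

func ipKey(r *http.Request) string {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		return r.RemoteAddr
	}
	return host
}

// headerOrIPKey is one possible mitigation (hypothetical, not a plugin option):
// a request without the header is keyed by client IP instead of collapsing into "".
func headerOrIPKey(r *http.Request) string {
	if k := headerKey(r); k != "" {
		return k
	}
	return ipKey(r)
}

// simulate runs `clients` browsers through a CORS preflight followed by the real
// POST, each from its own IP with its own bearer token, and returns how many
// preflights and how many real requests the limiter rejected. Time is frozen so
// no bucket refills: only the burst capacity matters.
func simulate(keyOf func(*http.Request) string, clients int, burst float64) (rejPreflight, rejReal int) {
	frozen := time.Date(2021, 11, 26, 9, 0, 0, 0, time.UTC)
	lim := newKeyLimiter(0, burst, func() time.Time { return frozen })
	for i := 1; i <= clients; i++ {
		addr := fmt.Sprintf("198.51.100.%d:40000", i) // constructed client addresses

		// Browsers send the preflight without credentials or custom headers: the
		// Authorization header is only named in Access-Control-Request-Headers.
		pre := httptest.NewRequest(http.MethodOptions, "/login", nil)
		pre.RemoteAddr = addr
		pre.Header.Set("Origin", "https://app.example")
		pre.Header.Set("Access-Control-Request-Method", "POST")
		pre.Header.Set("Access-Control-Request-Headers", "authorization")
		if !lim.Allow(keyOf(pre)) {
			rejPreflight++
		}

		post := httptest.NewRequest(http.MethodPost, "/login", nil)
		post.RemoteAddr = addr
		post.Header.Set("Origin", "https://app.example")
		post.Header.Set("Authorization", fmt.Sprintf("Bearer token-%d", i)) // constructed token
		if !lim.Allow(keyOf(post)) {
			rejReal++
		}
	}
	return rejPreflight, rejReal
}

func main() {
	for name, fn := range map[string]func(*http.Request) string{
		"header": headerKey, "ip": ipKey, "header-or-ip": headerOrIPKey,
	} {
		p, r := simulate(fn, 10, 3)
		fmt.Printf("%-13s rejected preflights=%d rejected real requests=%d\n", name, p, r)
	}
}
```

With ten clients and a burst of 3, the header strategy rejects seven of the ten preflights while rejecting none of the authenticated POSTs, and the ip strategy rejects nothing, which matches the symptom in the report: the failing requests are the preflights, not the calls that carry the token. The practical check is to send an OPTIONS request by hand, without Authorization, and see whether it is counted against a shared key.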

I have the same problem, but with the ip strategy. CORS is enabled (if it really matters), and the same rate limit is on almost all endpoints:

 - GET /api/scoring/user/:username
  Timeout: 10s
  QueryString: [*]
  CacheTTL: 5m0s
  Headers to pass: [Jwt X-Real-Ip X-Forwarded-For X-Forwarded-Proto X-Request-Id X-Country-Code X-City-Name User-Agent Authorization Content-Type Accept Cookie]
  OutputEncoding: no-op
  Concurrent calls: 1
  1 endpoint component configuration(s):
  - qos/ratelimit/router
          client_max_rate: 200
          strategy: ip
          key: X-Forwarded-For
  Connecting to 1 backend(s):
    [+] GET /scoring/user/{{.Username}}
    Timeout: 10s
    Hosts: [http://backend:8000]
    Concurrent calls: 1
    Host sanitization disabled: false
    Target:
    Deny: [], Allow: []
    Mapping: map[]
    Group:
    Encoding: no-op
    Is collection: false
    SD:
    0 backend component configuration(s):

Just recently I added specific "slow" rate limits (like 0.02 or 0.05 req/s) on several endpoints. After that I found that the endpoint specified at the beginning throws 429 after just a couple of requests. I tried accessing it 40 times per second and got results like these:

First request: 2022-10-21 18:38:00.375449
Last request: 2022-10-21 18:38:00.770169
Status: 200, count: 3
Status: 429, count: 37

client_max_rate does not matter: I tried 20 / 200 / 2000 req/s, and the endpoint keeps returning 429s after just 2-3 requests.

alex-pobeditel-2004 avatar Oct 21 '22 15:10 alex-pobeditel-2004
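A small probe to reproduce the measurement in the comment above, added here as example code (it is not from the thread or the project): it fires 40 concurrent requests and reports the first and last send time plus a status histogram, the same shape as the numbers quoted. It then runs a second pass with a different X-Forwarded-For on every request. The configuration above keys the ip strategy on X-Forwarded-For and lists that header under "Headers to pass", so a caller that reaches the gateway without a trusted proxy overwriting the header can pick its own key; if the second pass gets far fewer 429s than the first, the limit is being applied per header value rather than per real client. The target URL, the request count and the 203.0.113.0/24 addresses are assumptions; whether this deployment sits behind a proxy that rewrites the header is not shown on the page.

```go
package main

import (
	"fmt"
	"net/http"
	"os"
	"sync"
	"time"
)

// probeResult summarises one burst of requests: send time of the first and last
// request and a histogram of status codes.
type probeResult struct {
	First, Last time.Time
	Counts      map[int]int
}

// one sends a single GET. With spoofXFF set it carries a constructed, per-request
// X-Forwarded-For value from TEST-NET-3 so that a limiter keyed on that header
// sees a different "client" each time.
func one(client *http.Client, url string, i int, spoofXFF bool) (int, time.Time, error) {
	req, err := http.NewRequest(http.MethodGet, url, nil)
	if err != nil {
		return 0, time.Time{}, err
	}
	if spoofXFF {
		req.Header.Set("X-Forwarded-For", fmt.Sprintf("203.0.113.%d", i%250+1))
	}
	sent := time.Now()
	resp, err := client.Do(req)
	if err != nil {
		return 0, sent, err
	}
	resp.Body.Close()
	return resp.StatusCode, sent, nil
}

// probe fires n concurrent requests at url and aggregates the outcome. The first
// transport error (if any) is returned; requests that got an HTTP status are
// still counted.
func probe(client *http.Client, url string, n int, spoofXFF bool) (probeResult, error) {
	res := probeResult{Counts: map[int]int{}}
	var mu sync.Mutex
	var wg sync.WaitGroup
	var firstErr error
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func(i int) {
			defer wg.Done()
			code, sent, err := one(client, url, i, spoofXFF)
			mu.Lock()
			defer mu.Unlock()
			if err != nil {
				if firstErr == nil {
					firstErr = err
				}
				return
			}
			if res.First.IsZero() || sent.Before(res.First) {
				res.First = sent
			}
			if sent.After(res.Last) {
				res.Last = sent
			}
			res.Counts[code]++
		}(i)
	}
	wg.Wait()
	return res, firstErr
}

func main() {
	if len(os.Args) < 2 {
		fmt.Fprintln(os.Stderr, "usage: probe <url>")
		os.Exit(2)
	}
	client := &http.Client{Timeout: 10 * time.Second}
	for _, spoof := range []bool{false, true} {
		res, err := probe(client, os.Args[1], 40, spoof)
		if err != nil {
			fmt.Fprintln(os.Stderr, "error:", err)
			os.Exit(1)
		}
		fmt.Printf("spoofed X-Forwarded-For=%v  window=%s\n", spoof, res.Last.Sub(res.First))
		for code, n := range res.Counts {
			fmt.Printf("  Status: %d, count: %d\n", code, n)
		}
	}
}
```

Run it against the endpoint from a single machine: the first pass should reproduce the 200/429 split seen in the comment, and a second pass that is mostly 200s means the gateway is keying on a header the client supplied.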