skipper icon indicating copy to clipboard operation
skipper copied to clipboard

Published 20 hours ago verified publisher icon zalando

Conditional rate limiting.

Open ponimas opened this issue 1 year ago • 1 comments

Is your feature request related to a problem? Please describe. We want to be able to apply clusterClientRatelimit based on existence or absence of certain headers in the incoming requests, so we can put several filters in one route and expect that only ratelimits with matching conditions are applied. At the moment, achieving this requires the use of separate routes, each with its own rate limiter, which is extremely hard to support.

*
-> customFilterSettingHeaderXHeaderInCaseOfConditions()
-> setRequestHeader("loopedBack", "true")
-> <loopback>;

Header("loopedBack", "true") &&
Header("X-Header", ".+")
-> clusterClientRatelimit("A", 30, "10s", "X-Header,X-AnotherHeader")
-> "http://192.3.123.1:909";

Header("loopedBack", "true") &&
-> clusterClientRatelimit("B", 10, "100s", "X-AnotherHeader,X-True-Ip")
-> "http://192.3.123.1:909";

What would we like to have

*
-> customFilterSettingHeaderXHeaderInCaseOfConditions()
-> clusterClientRatelimit("A", 30, "10s", "(X-Header exists in the request),X-AnotherHeader")
-> clusterClientRatelimit("B", 10, "100s", "(X-Header doesn't exist in the request),X-AnotherHeader,X-True-Ip")
-> "http://192.3.123.1:909

Describe the solution you would like A Rejected PR with an example solution.

Describe alternatives you've considered (optional) A clear and concise description of any alternative solutions or features you've considered.

Additional context (optional) Add any other context or screenshots about the feature request here.

Would you like to work on it? Yes, but no time

ponimas avatar Nov 29 '23 16:11 ponimas

I was looking at Common Expression Language (CEL) recently also used by Kubernetes for various rules.

We may think about a new filter that would set header value based on the result of CEL expression and then use it in the clusterClientRatelimit (which applies rate limit when header is not empty) like so:

*
-> customFilterSettingHeaderXHeaderInCaseOfConditions()

-> setRequestHeaderExpr("Ratelimit-A", `request.Header["X-Header"] != "" ? request.Header["X-AnotherHeader"] : null`)
-> clusterClientRatelimit("A", 30, "10s", "Ratelimit-A")

-> setRequestHeaderExpr("Ratelimit-B", `request.Header["X-Header"] == "" ? request.Header["X-AnotherHeader"] + request.Header["X-True-Ip"] : null`)
-> clusterClientRatelimit("B", 10, "100s", "Ratelimit-B")

-> "http://192.3.123.1:909"

For brevity we may put Header (and other request fields) directly into CEL environment (i.e. omit request. prefix) and use shorter expressions like Header["X-Header"] && URL.Path == "/foo" && URL.Query.Has("q") ? "/foo" + Header["X-AnotherHeader"] : null

I also investigated whether it is possible to wire stdlib http.Request and other types into CEL and it seems possible, see https://github.com/google/cel-go/pull/875

AlexanderYastrebov avatar Jan 17 '24 23:01 AlexanderYastrebov