marcosbarbero / spring-cloud-zuul-ratelimit

Rate limit auto-configure for Spring Cloud Netflix Zuul
https://blog.marcosbarbero.com/spring-cloud-netflix-zuul-rate-limit/
Apache License 2.0

How to exclude certain IPAddresses when doing a RateLimit by Origin type #396

Closed angshuman-agarwal closed 3 years ago

angshuman-agarwal commented 3 years ago

Describe the question: As a user, I would like to exclude certain IP Addresses from the rate limit policy and have the default Too_Many_Requests 429 Status behaviour for the rest. I am using type: Origin. How can I achieve that please?

NB: I am using 2.2.1.RELEASE.

Additional context: I had a look at this issue - https://github.com/marcosbarbero/spring-cloud-zuul-ratelimit/issues/38#issuecomment-720399458, where the suggestion was to disable rate limit, extend Pre- and Post- RateLimit filters and override the shouldFilter method there. But, as soon as I disable rate limit in the config, a few classes fail to auto-inject as they are tied to zuul.ratelimit.enabled=true

Please can you suggest if there is a way to specify certain IP Addresses in config as an exclusion list?

github-actions[bot] commented 3 years ago

Hello @angshuman-agarwal, thank you for submitting an issue!

marcosbarbero commented 3 years ago

If I understand it correctly you want to allow requests for a single origin and nothing else, is that it?

angshuman-agarwal commented 3 years ago

I want to exclude one IP Address from the RateLimiter policy and have default behaviour for all the other IPs who hit my endpoint. I have a policyList defined for one endpoint with type: Origin.

For the sake of example: If I want 127.0.0.1 to be excluded, how do I do that with rate limit enabled?

marcosbarbero commented 3 years ago

Unfortunately, the only way to make what you want to work is by creating a policy setting a very high rate limit rule for the given origin. There's no other way to bypass it.

angshuman-agarwal commented 3 years ago

> creating a policy setting a very high rate limit rule for the given origin

Thanks, is there a sample / source I can see on how to achieve what you are suggesting please?

marcosbarbero commented 3 years ago

Something like this would do:

```yaml
zuul:
  ratelimit:
    enabled: true
    repository: REDIS # or any other you prefer
    default-policy-list:
      - limit: 99999999 # any high-volume to cover your specific use case
        refresh-interval: 10 # in seconds
        type:
          - origin=127.0.0.1
      - limit: 10 # request number limit for every other origin
        refresh-interval: 60 #default value (in seconds)
```

angshuman-agarwal commented 3 years ago

Thanks - I just tried, but looks like it is letting go everything now. I verified by setting a junk IP instead of 127.0.0.1 to see if it blocks localhost, but it does not. I do not get TOO_MANY_REQUESTS back at all.

```yaml
zuul:
  ratelimit:
    enabled: true
    repository: jpa # or any other you prefer
    default-policy-list:
      - limit: 99999999 # any high-volume to cover your specific use case
        refresh-interval: 5 # in seconds
        type:
          - origin=169.0.0.1 # I set a junk IP here to verify if 127.0.0.1 is blocked or not with 429 response
      - limit: 1 # request number limit for every other origin
        refresh-interval: 5 #default value (in seconds)
```

marcosbarbero commented 3 years ago

Can you share a sample application reproducing the error?

angshuman-agarwal commented 3 years ago

Thanks - Kindly review and let me know. zuulratelimiter.zip

Run : http://localhost:8080/greeting/simple

Please change to - origin=127.0.0.1 too and try as well (does not seem to work as expected)

github-actions[bot] commented 3 years ago

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 1 day
