Skip to content
This repository has been archived by the owner on Aug 20, 2024. It is now read-only.

airfocusio/rate-limit-proxy

Repository files navigation

rate-limit-proxy

A small go HTTP proxy that can run as sidecar in Kubernetes pods to add HTTP rate limiting:

  • Use shared request counter based on Redis.
  • Different user identification strategies which can be combined:
    • IP which is the default fallback.
    • JWT which you can configure to fit your environment:
      • Where to extract the JWT from? So far Authorization Bearer header custom query parameter are supported.
      • Which signature algorithm to use? So far HSxxx, RSxxx and ESxxx are supported.
      • Which JWT claim to use for identification?
      • Which JWT kid to match?
    • more can be easily added
  • Specify different limits for different user:
    • One default limit for anonymous users.
    • One default limit for all identified users.
    • Special limits depending on the identified user.

Try it out

export JWT_USER="eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1c2VyIn0.okfJTi3nwcSI2WITtYXRo8NX7JLd-xqW9iYP7smS2Co"
export JWT_SYSTEM="eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJzeXN0ZW0ifQ.-L6_PMWjva1HxRnhGN1ZhfI5PGnmHNrGwA11ndZD6fI"

# make sure go is installed
go version
make run
curl -s -I -XGET -H "Host: golang.org" localhost:8080
curl -s -I -XGET -H "Host: golang.org" -H "Authorization: Bearer $JWT_USER" localhost:8080
curl -s -I -XGET -H "Host: golang.org" -H "Authorization: Bearer $JWT_SYSTEM" localhost:8080

# make sure minikube is running
minikube start
kubectl apply -f example.kubernetes.yaml
kubectl port-forward svc/nginx 8080:http-public
curl -s -I -XGET localhost:8080
curl -s -I -XGET -H "Authorization: Bearer $JWT_USER" localhost:8080
curl -s -I -XGET -H "Authorization: Bearer $JWT_SYSTEM" localhost:8080
kubectl port-forward svc/nginx 8080:http
curl -s -I -XGET localhost:8080