RateLimit

控制前往服务的请求数

该RateLimit中间件保证服务将接收请求的相当数量,并允许您定义什么是公平的.

Configuration Example

# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
  - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50"
# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: test-ratelimit
spec:
  rateLimit:
      average: 100
      burst: 50
"labels": {
  "traefik.http.middlewares.test-ratelimit.ratelimit.average": "100",
  "traefik.http.middlewares.test-ratelimit.ratelimit.burst": "50"
}
# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
  - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50"
# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
[http.middlewares]
  [http.middlewares.test-ratelimit.rateLimit]
    average = 100
    burst = 50
# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
http:
  middlewares:
    test-ratelimit:
      rateLimit:
        average: 100
        burst: 50

Configuration Options

average

平均是给定源允许的最大速率(以请求/秒为单位). 默认为0,表示没有速率限制.

labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: test-ratelimit
spec:
  rateLimit:
      average: 100
"labels": {
  "traefik.http.middlewares.test-ratelimit.ratelimit.average": "100",
}
labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
[http.middlewares]
  [http.middlewares.test-ratelimit.rateLimit]
    average = 100
http:
  middlewares:
    test-ratelimit:
      rateLimit:
        average: 100

burst

突发是在相同的任意短时间内允许通过的最大请求数. 默认为1.

labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=100"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: test-ratelimit
spec:
  rateLimit:
      burst: 100
"labels": {
  "traefik.http.middlewares.test-ratelimit.ratelimit.burst": "100",
}
labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=100"
[http.middlewares]
  [http.middlewares.test-ratelimit.rateLimit]
    burst = 100
http:
  middlewares:
    test-ratelimit:
      rateLimit:
        burst: 100

sourceCriterion

SourceCriterion定义了用于将请求分组为源自公共源的标准. 优先顺序是ipStrategy ,然后是requestHeaderName ,然后是requestHost . 如果未设置,则默认为使用请求的远程地址字段(作为ipStrategy ).

sourceCriterion.ipStrategy

ipStrategy选项定义两个参数如何设定Traefik将决定客户端IP: depthexcludedIPs .

ipStrategy.depth

depth选项告诉Traefik使用X-Forwarded-For标头,并获取位于depth位置(从右开始)的IP.

  • 如果depth大于X-Forwarded-For的IP总数,则客户端IP将为空.
  • 如果depth的值小于或等于0,则将被忽略.

深度和X-Forwarded-For的示例

如果depth等于2,并且请求X-Forwarded-For标头是"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"那么"实际"客户端IP将是"10.0.0.1" (在深度4),但用作标准的IP将为"12.0.0.1"depth=2 ).

X-Forwarded-For depth clientIP
"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1" 1 "13.0.0.1"
"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1" 3 "11.0.0.1"
"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1" 5 ""
ipStrategy.excludedIPs
labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: test-ratelimit
spec:
  rateLimit:
    sourceCriterion:
      ipStrategy:
        excludedIPs:
        - 127.0.0.1/32
        - 192.168.1.7
labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
"labels": {
  "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
}
[http.middlewares]
  [http.middlewares.test-ratelimit.rateLimit]
    [http.middlewares.test-ratelimit.rateLimit.sourceCriterion.ipStrategy]
      excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
http:
  middlewares:
    test-ratelimit:
      rateLimit:
        sourceCriterion:
          ipStrategy:
            excludedIPs:
              - "127.0.0.1/32"
              - "192.168.1.7"

excludedIPs告诉Traefik扫描X-Forwarded-For标题和挑头IP不在列表中.

如果指定了depth ,则会忽略excludedIPs的IP.

排除的IP和X-Forwarded-For的示例

X-Forwarded-For excludedIPs clientIP
"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1" "12.0.0.1,13.0.0.1" "11.0.0.1"
"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1" "15.0.0.1,13.0.0.1" "12.0.0.1"
"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1" "10.0.0.1,13.0.0.1" "12.0.0.1"
"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1" "15.0.0.1,16.0.0.1" "13.0.0.1"
"10.0.0.1,11.0.0.1" "10.0.0.1,11.0.0.1" ""

sourceCriterion.requestHeaderName

对于给定标头具有相同值的请求被分组为来自同一源.

labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername=username"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: test-ratelimit
spec:
  rateLimit:
    sourceCriterion:
      requestHeaderName: username
labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername=username"
"labels": {
  "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername": "username"
}
[http.middlewares]
  [http.middlewares.test-ratelimit.rateLimit]
    [http.middlewares.test-ratelimit.rateLimit.sourceCriterion]
      requestHeaderName = "username"
http:
  middlewares:
    test-ratelimit:
      rateLimit:
        sourceCriterion:
          requestHeaderName: username

sourceCriterion.requestHost

是否将请求主机视为源.

labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requesthost=true"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: test-ratelimit
spec:
  rateLimit:
    sourceCriterion:
      requestHost: true
labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requesthost=true"
"labels": {
  "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requesthost": "true"
}
[http.middlewares]
  [http.middlewares.test-ratelimit.rateLimit]
    [http.middlewares.test-ratelimit.rateLimit.sourceCriterion]
      requestHost = true
http:
  middlewares:
    test-ratelimit:
      rateLimit:
        sourceCriterion:
          requestHost: true