I have set up an API gateway with Kong, and below is my kong.yml file.

_format_version: "2.1"
_transform: true

services:
  - name: auth-service
    url: http://xxxxxxxxxxx
    routes:
      - name: auth-routes
        paths:
          - /auth

  - name: audit-service
    url: http://xxxxxxxxxxx
    routes:
      - name: audit-routes
        paths:
          - /audits

plugins:
  - name: rate-limiting
    service: auth-service
    config:
      minute: 100
      hour: 1000
      day: 10000

  - name: rate-limiting
    service: audit-service
    config:
      minute: 100
      hour: 1000
      day: 10000

As you can see, in my other server I have a couple of services running, and Kong handles the traffic according to the routes.

The problem is, when the rate limit is reached, Kong blocks all IPs, not just the attacking IP. I tested this by running k6 on a droplet, and while it was running, I tried calling the API gateway from my PC and got the message saying "rate-limit reached".

Any idea how to fix this? Thanks!


Asked Nov 22, 2024 at 19:38 by Tharindu Thisarasinghe

2 Answers

According to the documentation, the IP is determined from headers passed into the requests: https://docs.konghq.com/hub/kong-inc/rate-limiting/#limit-by-ip-address

Is there any proxy, firewall or load balancer in front of your API gateway that could possibly always set the same IP into those headers, which would lead the plugin to think that all the requests come from the same IP address?

Make sure you preserve client IP address:

https://docs.konghq.com/kubernetes-ingress-controller/latest/guides/security/client-ip/

CloudFront and firewalls on the way to the gateway may replace the host IP with their own and pass the client IP in another header like X-Forwarded-For; you should configure your Kong to copy the real IP.
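
As an added example (not part of either answer, and not Kong's own code), this simplified model shows why a shared proxy address puts every client in one rate-limit bucket, and how trusting only the proxy's range restores per-client limits. The proxy address 10.0.0.5, the client addresses and the function names are constructed; in Kong the trust list corresponds to the `trusted_ips` and `real_ip_header` settings.

```python
import ipaddress
from collections import Counter

def client_ip(remote_addr, xff, trusted_cidrs):
    """Pick the address to rate-limit on: walk X-Forwarded-For from right to
    left and return the first hop that is not a trusted proxy."""
    nets = [ipaddress.ip_network(c) for c in trusted_cidrs]
    def trusted(ip):
        return any(ipaddress.ip_address(ip) in n for n in nets)
    if not trusted(remote_addr):
        return remote_addr      # peer is not a known proxy: ignore the header
    for hop in reversed([h.strip() for h in xff.split(",") if h.strip()]):
        try:
            if not trusted(hop):
                return hop
        except ValueError:
            break               # malformed entry: stop reading the header
    return remote_addr

def blocked_senders(requests, trusted_cidrs, limit):
    """Apply a per-key counter limit; return the senders that hit a rejection."""
    counts, blocked = Counter(), set()
    for sender, remote_addr, xff in requests:
        key = client_ip(remote_addr, xff, trusted_cidrs)
        counts[key] += 1
        if counts[key] > limit:
            blocked.add(sender)
    return blocked

# Constructed traffic: both clients reach the gateway through a proxy at 10.0.0.5.
PROXY = "10.0.0.5"
TRAFFIC = [("k6", PROXY, "203.0.113.10")] * 150 + [("pc", PROXY, "198.51.100.7")]

if __name__ == "__main__":
    print(blocked_senders(TRAFFIC, [], 100))              # proxy not trusted
    print(blocked_senders(TRAFFIC, ["10.0.0.0/8"], 100))  # proxy trusted
```

Keep the trusted range limited to the proxies actually in front of the gateway, since the header is only as reliable as the hop that wrote it.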
