Rate Limiting

As an API gateway, APISIX serves as a unified entry point for a massive volume of requests that could include both legitimate and unwanted traffic.

Rate limiting is one of the commonly used techniques to protect and manage APIs. For example, you can configure your API endpoints to allow for a set number of requests within a given period of time. This ensures fair usage of the upstream services and safeguards the APIs from potential cyber attacks like DDoS (Distributed Denial of Service) or excessive requests from web crawlers.

In this tutorial, you will enable the limit-count plugin to set a rate limiting constraint on the incoming traffic.

Prerequisite(s)

1. Complete Get APISIX to install APISIX on Docker or Kubernetes.
2. Complete Configure Routes.

Enable Rate Limiting

Admin API

Update the getting-started-ip route from Configure Routes with the limit-count plugin:

curl -i "http://127.0.0.1:9180/apisix/admin/routes/getting-started-ip" -X PATCH -d '
{
  "plugins": {
    "limit-count": {
      "count": 2,
      "time_window": 10,
      "rejected_code": 429
    }
  }
}'

You will receive an HTTP/1.1 200 OK response if the plugin was added successfully.

ADC

adc.yaml

services:
  - name: httpbin Service
    routes:
      - uris:
          - /ip
        name: getting-started-ip
        plugins:
          limit-count:
            rejected_code: 429
            count: 2
            time_window: 10
        upstream:
          type: roundrobin
          nodes:
            'httpbin.org:80': 1

Synchronize the configuration to APISIX:

adc sync -f adc.yaml

You will receive a similar response if the configuration was synchronized successfully:

✔ Load local configuration
✔ Load remote configuration
✔ Diff configuration
✔ Sync configuration

Ingress Controller

Create a Kubernetes manifest file to configure a route with limit-count enabled using the ApisixRoute custom resource:

httpbin-route.yaml

apiVersion: apisix.apache.org/v2
kind: ApisixRoute
metadata:
  name: httpbin-route
  namespace: ingress-apisix
spec:
  http:
    - name: httpbin-route
      match:
        paths:
          - /ip
      backends:
        - serviceName: httpbin
          servicePort: 80
      plugins:
      - name: limit-count
        enable: true 
        config:
          time_window: 10
          count: 2
          rejected_code: 429

Apply the configuration to your cluster:

kubectl apply -f httpbin-route.yaml

You should see the following response:

apisixroute.apisix.apache.org/httpbin-route created

The above configuration limits the incoming requests to a maximum of 2 requests within 10 seconds.

Verify

Generate 50 simultaneous requests to see the rate limiting plugin in effect.

resp=$(seq 50 | xargs -I{} curl "http://127.0.0.1:9080/ip" -o /dev/null -s -w "%{http_code}\n") && \
  count_200=$(echo "$resp" | grep "200" | wc -l) && \
  count_429=$(echo "$resp" | grep "429" | wc -l) && \
  echo "200": $count_200, "429": $count_429

The results are as expected: out of the 50 requests, 2 requests were sent successfully (status code 200) while the others were rejected (status code 429).

"200": 2, "429": 48

Disable Rate Limiting

Admin API

Disable rate limiting by setting the _meta.disable parameter to true:

curl -i "http://127.0.0.1:9180/apisix/admin/routes/getting-started-ip" -X PATCH -d '
{
  "plugins": {
    "limit-count": {
      "_meta": {
        "disable": true
      }
    }
  }
}'

ADC

Disable rate limiting by setting the _meta.disable parameter to true:

adc.yaml

services:
  - name: httpbin Service
    routes:
      - uris:
          - /ip
        name: getting-started-ip
        plugins:
          limit-count:
            rejected_code: 429
            count: 2
            time_window: 10
            _meta:
              disable: true
        upstream:
          type: roundrobin
          nodes:
            'httpbin.org:80': 1

Synchronize the configuration to APISIX:

adc sync -f adc.yaml

Ingress Controller

Update the route configuration file as such:

apiVersion: apisix.apache.org/v2
kind: ApisixRoute
metadata:
  name: httpbin-route
  namespace: ingress-apisix
spec:
  http:
    - name: httpbin-route
      match:
        paths:
          - /ip
      backends:
        - serviceName: httpbin
          servicePort: 80
      plugins:
      - name: limit-count
        enable: false 
        config:
          time_window: 10
          count: 2
          rejected_code: 429

Apply the configuration to your cluster:

kubectl apply -f httpbin-route.yaml

You should see the following response:

apisixroute.apisix.apache.org/httpbin-route configured

Verify

Generate 50 requests again to verify if the rate limiting is disabled:

resp=$(seq 50 | xargs -I{} curl "http://127.0.0.1:9080/ip" -o /dev/null -s -w "%{http_code}\n") && \
  count_200=$(echo "$resp" | grep "200" | wc -l) && \
  count_429=$(echo "$resp" | grep "429" | wc -l) && \
  echo "200": $count_200, "429": $count_429

The results below show that all requests were sent successfully:

"200": 50, "429": 0

More

You can use APISIX variables to configure fined matching rules of rate limiting, such as $host and $uri. In addition, APISIX also supports rate limiting at the cluster level using Redis.

What's Next

You have learned how to configure rate limiting and completed the Getting Started tutorials.

You can continue to explore other documentations to customize APISIX and meet your production needs.