Skip to main content
Version: 3.2.0

Rate Limiting

APISIX is a unified control point, managing the ingress and egress of APIs and microservices traffic. In addition to the legitimate client requests, these requests may also include unwanted traffic generated by web crawlers as well as cyber attacks, such as DDoS.

APISIX offers rate limiting capabilities to protect APIs and microservices by limiting the number of requests sent to upstream services in a given period of time. The count of requests is done efficiently in memory with low latency and high performance.


Routes Diagram

In this tutorial, you will enable the limit-count plugin to set a rate limiting constraint on the incoming traffic.

Prerequisite(s)

  1. Complete the Get APISIX step to install APISIX first.
  2. Complete the Configure Routes step.

Enable Rate Limiting

The following route getting-started-ip is inherited from Configure Routes. You only need to use the PATCH method to add the limit-count plugin to the route:

curl -i "http://127.0.0.1:9180/apisix/admin/routes/getting-started-ip" -X PATCH -d '
{
  "plugins": {
    "limit-count": {
        "count": 2,
        "time_window": 10,
        "rejected_code": 503
     }
  }
}'

You will receive an HTTP/1.1 201 OK response if the plugin was added successfully. The above configuration limits the incoming requests to a maximum of 2 requests within 10 seconds.

Validate

Let's generate 100 simultaneous requests to see the rate limiting plugin in effect.

count=$(seq 100 | xargs -i curl "http://127.0.0.1:9080/ip" -I -sL | grep "503" | wc -l); echo \"200\": $((100 - $count)), \"503\": $count

The results are as expected: out of the 100 requests, 2 requests were sent successfully (status code 200) while the others were rejected (status code 503).

"200": 2, "503": 98

Disable Rate Limiting

Disable rate limiting by setting the _meta.disable parameter to true:

curl -i "http://127.0.0.1:9180/apisix/admin/routes/getting-started-ip" -X PATCH -d '
{
    "plugins": {
        "limit-count": {
            "_meta": {
                "disable": true
            }
        }
    }
}'

Validate

Let's generate 100 requests again to validate if it is disabled:

count=$(seq 100 | xargs -i curl "http://127.0.0.1:9080/ip" -I -sL | grep "503" | wc -l); echo \"200\": $((100 - $count)), \"503\": $count

The results below show that all of the requests were sent successfully:

"200": 100, "503": 0

More

You can use APISIX variables to configure fined matching rules of rate limiting, such as $host and $uri. In addition, APISIX also supports rate limiting at the cluster level using Redis.

What's Next

Congratulations! You have learned how to configure rate limiting and completed the Getting Started tutorials.

You can continue to explore other documentations to customize APISIX and meet your production needs.

API7.ai Logo

API Management for Modern Architectures with Edge, API Gateway, Kubernetes, and Service Mesh.

Product

Documentation
API7 Cloud
API7 Enterprise
Commercial Support

Open Source

Apache APISIX
K8s Ingress Controller
wasm-nginx-module
Contributor Graph

Resources

Blog
NGINX + Lua
APISIX vs Kong
APISIX vs NGINX
Apache APISIX Summit
Apache APISIX Quickstart

Company

About
Contact
Careers
Handbook
Partners
Terms & Privacy

Copyright © HONG KONG APISEVEN LIMITED. 2019 – 2023. Apache, Apache APISIX, and APISIX associated open source project names are trademarks of the

Apache Software Foundation