Parameters
See plugin common configurations for configuration options available to all plugins.
This plugin supports referencing sensitive parameter values from environment variables using the env:// prefix, or from a secret manager, such as HashiCorp Vault’s KV secrets engine, using the secret:// prefix. For more information, see environment variables in plugin and secrets.
count
integer
required
vaild vaule:
greater than 0
The maximum number of requests allowed within a given time interval.
time_window
integer
required
vaild vaule:
greater than 0
The time interval corresponding to the rate limiting
countin seconds.window_type
string
default:
fixedvaild vaule:
fixedorslidingRate limiting algorithm, fixed window or sliding window.
key_type
string
default:
varvaild vaule:
var,var_combination, orconstantThe type of key.
If the
key_typeisvar, thekeyis interpreted a variable.If the
key_typeisvar_combination, thekeyis interpreted as a combination of variables.If the
key_typeisconstant, thekeyis interpreted as a constant.key
string
default:
remote_addrThe key to count requests by.
If the
key_typeisvar, thekeyis interpreted a variable. The variable does not need to be prefixed by a dollar sign ($). See built-in variables for avaialble variables.If the
key_typeisvar_combination, thekeyis interpreted as a combination of variables. All variables should be prefixed by dollar signs ($). For example, to configure thekeyto use a combination of two request headerscustom-aandcustom-b, thekeyshould be configured as$http_custom_a $http_custom_b.If the
key_typeisconstant, thekeyis interpreted as a constant value.rejected_code
integer
default:
503vaild vaule:
between 200 and 599 inclusive
The HTTP status code returned when a request is rejected for exceeding the threshold.
rejected_msg
string
vaild vaule:
any non-empty string
The response body returned when a request is rejected for exceeding the threshold.
policy
string
default:
localvaild vaule:
local,redis,redis-cluster, orredis-sentinelThe policy for rate limiting counter.
Set to
localto store the counter in memory locally.Set to
redisto store the counter on a Redis instance.Set to
redis-clusterto store the counter in a Redis cluster.Set to
redis-sentinelto store the counter on the Redis primary node managed by Redis Sentinel, which ensures high availability by automatically promoting a replica to primary in case of failure. Redis Sentinel provides high availability for Redis when not using Redis Cluster.redis_sentinels
array[object]
An array of Redis Sentinel nodes (host and port). Required when
policyisredis-sentinel.redis_master_name
string
The name of the Redis master group that Sentinels are monitoring. Required when
policyisredis-sentinel.redis_role
string
default:
mastervaild vaule:
masterorslaveThe Redis node role to connect to. Configurable when
policyisredis-sentinel. Set tomasterto connect to the current Redis master, and set toslaveto connect to a Redis replica.redis_connect_timeout
integer
default:
1000vaild vaule:
greater than or equal to 1
Timeout in milliseconds for establishing a connection to a Redis node. Configurable when
policyisredis-sentinel.redis_read_timeout
integer
default:
1000vaild vaule:
greater than or equal to 1
Timeout in milliseconds for reading data from a Redis node. Configurable when
policyisredis-sentinel.redis_keepalive_timeout
integer
default:
60000vaild vaule:
greater than or equal to 1
Time in milliseconds that an idle Redis connection is kept alive in the connection pool before being closed. Configurable when
policyisredis-sentinel.sentinel_username
string
Username used to authenticate with the Redis Sentinel instance.
sentinel_password
string
Password used to authenticate with the Redis Sentinel instance.
allow_degradation
boolean
default:
falseIf true, allow APISIX to continue handling requests without the plugin when the plugin or its dependencies become unavailable.
show_limit_quota_header
boolean
default:
trueIf true, include
X-RateLimit-Limitto show the total quota andX-RateLimit-Remainingto show the remaining quota in the response header.group
string
vaild vaule:
non-empty
The
groupID for the plugin, such that routes of the samegroupcan share the same rate limiting counter.redis_host
string
The address of the Redis node. Required when
policyisredis.redis_port
integer
default:
6379vaild vaule:
greater than or equal to 1
The port of the Redis node when
policyisredis.redis_username
string
The username for Redis if Redis ACL is used. If you use the legacy authentication method
requirepass, configure only theredis_password. Used whenpolicyisredis.redis_password
string
default:
6379The password of the Redis node when
policyisredis, orredis-cluster.redis_database
integer
default:
0vaild vaule:
greater than or equal to 0
The database number in Redis when
policyisredisorredis-sentinel.redis_ssl
boolean
default:
falseIf true, use SSL to connect to Redis cluster when
policyisredis.redis_ssl_verify
boolean
default:
falseIf true, verify the server SSL certificate when
policyisredis.redis_timeout
integer
default:
1000vaild vaule:
greater than or equal to 1
The Redis timeout value in milliseconds when
policyisredisorredis-cluster.redis_cluster_nodes
array[string]
The list of the Redis cluster nodes with at least two addresses. Required when policy is redis-cluster.
redis_cluster_name
string
The name of the Redis cluster. Required when
policyisredis-cluster.redis_cluster_ssl
boolean
default:
falseIf true, use SSL to connect to Redis cluster when
policyisredis-cluster.redis_cluster_ssl_verify
boolean
default:
falseIf true, verify the server SSL certificate when
policyisredis-cluster.sync_interval
number
default:
-1vaild vaule:
greater than or equal to 0.1, or the default -1
The frequency of synchronizing counter data to Redis. Available only in Enterprise.
The
sync_intervalvalue should be smaller thantime_window. A value of1results in synchronizing counter data every second. A value of-1yields no change in synchronizing behaviour, i.e. counter data will be synchronized for each request.