rate-limit Traffic Policy action docs for more information.
By endpoint
This rule applies rate limiting of 30 requests per minute to the endpoint/api/videos.
on_http_request:
- expressions:
- req.url.contains('/api/specific_endpoint')
actions:
- type: rate-limit
config:
name: Only allow 30 requests per minute
algorithm: sliding_window
capacity: 30
rate: 60s
bucket_key:
- conn.client_ip
{
"on_http_request": [
{
"expressions": [
"req.url.contains('/api/specific_endpoint')"
],
"actions": [
{
"type": "rate-limit",
"config": {
"name": "Only allow 30 requests per minute",
"algorithm": "sliding_window",
"capacity": 30,
"rate": "60s",
"bucket_key": [
"conn.client_ip"
]
}
}
]
}
]
}
Based on authentication status
This rule creates a lower rate limit for unauthenticated (likely free) users, while allowing authenticated users a higher level of capacity.on_http_request:
- expressions:
- "!('Authorization' in req.headers)"
name: Unauthorized rate limiting tier
actions:
- type: rate-limit
config:
name: Allow 10 requests per minute
algorithm: sliding_window
capacity: 10
rate: 60s
bucket_key:
- conn.client_ip
- expressions:
- "('Authorization' in req.headers)"
name: Authorized rate limiting tier
actions:
- type: rate-limit
config:
name: Allow 100 requests per minute
algorithm: sliding_window
capacity: 100
rate: 60s
bucket_key:
- conn.client_ip
{
"on_http_request": [
{
"expressions": [
"!('Authorization' in req.headers)"
],
"name": "Unauthorized rate limiting tier",
"actions": [
{
"type": "rate-limit",
"config": {
"name": "Allow 10 requests per minute",
"algorithm": "sliding_window",
"capacity": 10,
"rate": "60s",
"bucket_key": [
"conn.client_ip"
]
}
}
]
},
{
"expressions": [
"('Authorization' in req.headers)"
],
"name": "Authorized rate limiting tier",
"actions": [
{
"type": "rate-limit",
"config": {
"name": "Allow 100 requests per minute",
"algorithm": "sliding_window",
"capacity": 100,
"rate": "60s",
"bucket_key": [
"conn.client_ip"
]
}
}
]
}
]
}
Based on pricing tiers
Using a naming scheme in your upstream servers with API calls using atier header, you can quickly customize access to your API based on any number of pricing tiers.
This rule checks for a Tier header in the request and applies rate limiting based on the value of that header.
on_http_request:
- expressions:
- "!('Tier' in req.headers)"
name: Free rate limiting tier
actions:
- type: rate-limit
config:
name: Allow 10 requests per minute
algorithm: sliding_window
capacity: 10
rate: 60s
bucket_key:
- conn.client_ip
- expressions:
- getReqHeader('tier').exists(v, v.matches('(?i)bronze'))
name: Bronze rate limiting tier
actions:
- type: rate-limit
config:
name: Allow 100 requests per minute
algorithm: sliding_window
capacity: 100
rate: 60s
bucket_key:
- conn.client_ip
- expressions:
- getReqHeader('tier').exists(v, v.matches('(?i)silver'))
name: Silver rate limiting tier
actions:
- type: rate-limit
config:
name: Allow 1000 requests per minute
algorithm: sliding_window
capacity: 1000
rate: 60s
bucket_key:
- conn.client_ip
- expressions:
- getReqHeader('tier').exists(v, v.matches('(?i)gold'))
name: Gold rate limiting tier
actions:
- type: rate-limit
config:
name: Allow 10000 requests per minute
algorithm: sliding_window
capacity: 10000
rate: 60s
bucket_key:
- conn.client_ip
{
"on_http_request": [
{
"expressions": [
"!('Tier' in req.headers)"
],
"name": "Free rate limiting tier",
"actions": [
{
"type": "rate-limit",
"config": {
"name": "Allow 10 requests per minute",
"algorithm": "sliding_window",
"capacity": 10,
"rate": "60s",
"bucket_key": [
"conn.client_ip"
]
}
}
]
},
{
"expressions": [
"getReqHeader('tier').exists(v, v.matches('(?i)bronze'))"
],
"name": "Bronze rate limiting tier",
"actions": [
{
"type": "rate-limit",
"config": {
"name": "Allow 100 requests per minute",
"algorithm": "sliding_window",
"capacity": 100,
"rate": "60s",
"bucket_key": [
"conn.client_ip"
]
}
}
]
},
{
"expressions": [
"getReqHeader('tier').exists(v, v.matches('(?i)silver'))"
],
"name": "Silver rate limiting tier",
"actions": [
{
"type": "rate-limit",
"config": {
"name": "Allow 1000 requests per minute",
"algorithm": "sliding_window",
"capacity": 1000,
"rate": "60s",
"bucket_key": [
"conn.client_ip"
]
}
}
]
},
{
"expressions": [
"getReqHeader('tier').exists(v, v.matches('(?i)gold'))"
],
"name": "Gold rate limiting tier",
"actions": [
{
"type": "rate-limit",
"config": {
"name": "Allow 10000 requests per minute",
"algorithm": "sliding_window",
"capacity": 10000,
"rate": "60s",
"bucket_key": [
"conn.client_ip"
]
}
}
]
}
]
}