ratelimit.proto

Package: ratelimit.plugins.gloo.solo.io

Types:
Source File: github.com/solo-io/solo-projects/projects/gloo/api/v1/plugins/ratelimit/ratelimit.proto

Descriptor

"key": string
"value": string
"rateLimit": .ratelimit.plugins.gloo.solo.io.RateLimit
"descriptors": []ratelimit.plugins.gloo.solo.io.Descriptor

Field Type Description Default
key string
value string
rateLimit .ratelimit.plugins.gloo.solo.io.RateLimit
descriptors []ratelimit.plugins.gloo.solo.io.Descriptor

RateLimit

"unit": .ratelimit.plugins.gloo.solo.io.RateLimit.Unit
"requestsPerUnit": int

Field Type Description Default
unit .ratelimit.plugins.gloo.solo.io.RateLimit.Unit
requestsPerUnit int

Unit

Name Description
UNKNOWN
SECOND
MINUTE
HOUR
DAY

IngressRateLimit

"authorizedLimits": .ratelimit.plugins.gloo.solo.io.RateLimit
"anonymousLimits": .ratelimit.plugins.gloo.solo.io.RateLimit

Field Type Description Default
authorizedLimits .ratelimit.plugins.gloo.solo.io.RateLimit
anonymousLimits .ratelimit.plugins.gloo.solo.io.RateLimit

Settings

"ratelimitServerRef": .core.solo.io.ResourceRef

Field Type Description Default
ratelimitServerRef .core.solo.io.ResourceRef

EnvoySettings

"customConfig": .ratelimit.plugins.gloo.solo.io.EnvoySettings.RateLimitCustomConfig

Field Type Description Default
customConfig .ratelimit.plugins.gloo.solo.io.EnvoySettings.RateLimitCustomConfig

RateLimitCustomConfig

"descriptors": []ratelimit.plugins.gloo.solo.io.Descriptor

Field Type Description Default
descriptors []ratelimit.plugins.gloo.solo.io.Descriptor

RateLimitActions

"actions": []ratelimit.plugins.gloo.solo.io.Action

Field Type Description Default
actions []ratelimit.plugins.gloo.solo.io.Action

RateLimitVhostExtension

"rateLimits": []ratelimit.plugins.gloo.solo.io.RateLimitActions

Field Type Description Default
rateLimits []ratelimit.plugins.gloo.solo.io.RateLimitActions

RateLimitRouteExtension

"includeVhRateLimits": bool
"rateLimits": []ratelimit.plugins.gloo.solo.io.RateLimitActions

Field Type Description Default
includeVhRateLimits bool
rateLimits []ratelimit.plugins.gloo.solo.io.RateLimitActions

Action

TODO(yuval-k): copied from envoy; will be removed and imported properly in a future when we vendor protos

"sourceCluster": .ratelimit.plugins.gloo.solo.io.Action.SourceCluster
"destinationCluster": .ratelimit.plugins.gloo.solo.io.Action.DestinationCluster
"requestHeaders": .ratelimit.plugins.gloo.solo.io.Action.RequestHeaders
"remoteAddress": .ratelimit.plugins.gloo.solo.io.Action.RemoteAddress
"genericKey": .ratelimit.plugins.gloo.solo.io.Action.GenericKey
"headerValueMatch": .ratelimit.plugins.gloo.solo.io.Action.HeaderValueMatch

Field Type Description Default
sourceCluster .ratelimit.plugins.gloo.solo.io.Action.SourceCluster Rate limit on source cluster.
destinationCluster .ratelimit.plugins.gloo.solo.io.Action.DestinationCluster Rate limit on destination cluster.
requestHeaders .ratelimit.plugins.gloo.solo.io.Action.RequestHeaders Rate limit on request headers.
remoteAddress .ratelimit.plugins.gloo.solo.io.Action.RemoteAddress Rate limit on remote address.
genericKey .ratelimit.plugins.gloo.solo.io.Action.GenericKey Rate limit on a generic key.
headerValueMatch .ratelimit.plugins.gloo.solo.io.Action.HeaderValueMatch Rate limit on the existence of request headers.

SourceCluster

The following descriptor entry is appended to the descriptor:

.. code-block:: cpp

(“source_cluster”, “”)

is derived from the :option:--service-cluster option.


Field Type Description Default

DestinationCluster

The following descriptor entry is appended to the descriptor:

.. code-block:: cpp

(“destination_cluster”, “”)

Once a request matches against a route table rule, a routed cluster is determined by one of the following :ref:route table configuration <envoy_api_msg_RouteConfiguration> settings:

  • :ref:cluster <envoy_api_field_route.RouteAction.cluster> indicates the upstream cluster to route to.
  • :ref:weighted_clusters <envoy_api_field_route.RouteAction.weighted_clusters> chooses a cluster randomly from a set of clusters with attributed weight.
  • :ref:cluster_header <envoy_api_field_route.RouteAction.cluster_header> indicates which header in the request contains the target cluster.

Field Type Description Default

RequestHeaders

The following descriptor entry is appended when a header contains a key that matches the header_name:

.. code-block:: cpp

(””, “”)

"headerName": string
"descriptorKey": string

Field Type Description Default
headerName string The header name to be queried from the request headers. The header’s value is used to populate the value of the descriptor entry for the descriptor_key.
descriptorKey string The key to use in the descriptor entry.

RemoteAddress

The following descriptor entry is appended to the descriptor and is populated using the trusted address from :ref:x-forwarded-for <config_http_conn_man_headers_x-forwarded-for>:

.. code-block:: cpp

(“remote_address”, “”)


Field Type Description Default

GenericKey

The following descriptor entry is appended to the descriptor:

.. code-block:: cpp

(“generic_key”, “”)

"descriptorValue": string

Field Type Description Default
descriptorValue string The value to use in the descriptor entry.

HeaderValueMatch

The following descriptor entry is appended to the descriptor:

.. code-block:: cpp

(“header_match”, “”)

"descriptorValue": string
"expectMatch": .google.protobuf.BoolValue
"headers": []ratelimit.plugins.gloo.solo.io.HeaderMatcher

Field Type Description Default
descriptorValue string The value to use in the descriptor entry.
expectMatch .google.protobuf.BoolValue If set to true, the action will append a descriptor entry when the request matches the headers. If set to false, the action will append a descriptor entry when the request does not match the headers. The default value is true.
headers []ratelimit.plugins.gloo.solo.io.HeaderMatcher Specifies a set of headers that the rate limit action should match on. The action will check the request’s headers against all the specified headers in the config. A match will happen if all the headers in the config are present in the request with the same values (or based on presence if the value field is not in the config).

Int64Range

Specifies the int64 start and end of the range using half-open interval semantics [start, end).

"start": int
"end": int

Field Type Description Default
start int start of the range (inclusive)
end int end of the range (exclusive)

HeaderMatcher

"name": string
"exactMatch": string
"regexMatch": string
"rangeMatch": .ratelimit.plugins.gloo.solo.io.Int64Range
"presentMatch": bool
"prefixMatch": string
"suffixMatch": string
"invertMatch": bool

Field Type Description Default
name string Specifies the name of the header in the request.
exactMatch string If specified, header match will be performed based on the value of the header.
regexMatch string If specified, this regex string is a regular expression rule which implies the entire request header value must match the regex. The rule will not match if only a subsequence of the request header value matches the regex. The regex grammar used in the value field is defined here <https://en.cppreference.com/w/cpp/regex/ecmascript>_. Examples: * The regex \d{3} matches the value 123 * The regex \d{3} does not match the value 1234 * The regex \d{3} does not match the value 123.456
rangeMatch .ratelimit.plugins.gloo.solo.io.Int64Range If specified, header match will be performed based on range. The rule will match if the request header value is within this range. The entire request header value must represent an integer in base 10 notation: consisting of an optional plus or minus sign followed by a sequence of digits. The rule will not match if the header value does not represent an integer. Match will fail for empty values, floating point numbers or if only a subsequence of the header value is an integer. Examples: * For range [-10,0), route will match for header value -1, but not for 0, “somestring”, 10.9, “-1somestring”
presentMatch bool If specified, header match will be performed based on whether the header is in the request.
prefixMatch string If specified, header match will be performed based on the prefix of the header value. Note: empty prefix is not allowed, please use present_match instead. Examples: * The prefix abcd matches the value abcdxyz, but not for abcxyz.
suffixMatch string If specified, header match will be performed based on the suffix of the header value. Note: empty suffix is not allowed, please use present_match instead. Examples: * The suffix abcd matches the value xyzabcd, but not for xyzbcd.
invertMatch bool If specified, the match result will be inverted before checking. Defaults to false. Examples: * The regex \d{3} does not match the value 1234, so it will match when inverted. * The range [-10,0) will match the value -1, so it will not match when inverted.

QueryParameterMatcher

Query parameter matching treats the query string of a request’s :path header as an ampersand-separated list of keys and/or key=value elements.

"name": string
"value": string
"regex": .google.protobuf.BoolValue

Field Type Description Default
name string Specifies the name of a key that must be present in the requested path’s query string.
value string Specifies the value of the key. If the value is absent, a request that contains the key in its query string will match, whether the key appears with a value (e.g., “?debug=true”) or not (e.g., “?debug”)
regex .google.protobuf.BoolValue Specifies whether the query parameter value is a regular expression. Defaults to false. The entire query parameter value (i.e., the part to the right of the equals sign in “key=value”) must match the regex. E.g., the regex “\d+$” will match “123” but not “a123” or “123a”.