How to rate limit GRPC connections based on authorization (bearer) token in Nginx Ingress?
bobbidinho
nginx-forum at forum.nginx.org
Wed May 5 19:43:46 UTC 2021
I am trying to rate limit number GRPC connections based on a token included
in the Authorization header. I tried the following settings in the Nginx
configmap and Ingress annotation but Nginx rate limiting is not working.
```
---
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-ingress-controller
namespace: default
data:
http-snippet: |
limit_req_zone $http_authorization zone=zone-1:20m rate=10r/m;
limit_req_zone $http_token zone=zone-2:20m rate=10r/m;
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/backend-protocol: GRPC
nginx.ingress.kubernetes.io/configuration-snippet: |
limit_req zone=zone-1;
limit_req_log_level notice;
limit_req_status 429;
```
I try to have Nginx Ingress Controller to rate limit the GRPC/HTTP2 stream
connection based on the value in the $http_authorization variable. I have
modified the Nginx log_format to log the $http_authorization value and
observe that Nginx receives the value. The problem I am facing is that for
some reason the rate limiting rule doesn't get triggered.
Is this the correct approach?
Any help and feedback would be much appreciated!
Thanks
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,291431,291431#msg-291431
More information about the nginx
mailing list