How to rate limit GRPC connections based on authorization (bearer) token in Nginx Ingress?

bobbidinho nginx-forum at
Wed May 5 19:43:46 UTC 2021

I am trying to rate limit number GRPC connections based on a token included
in the Authorization header. I tried the following settings in the Nginx
configmap and Ingress annotation but Nginx rate limiting is not working.

apiVersion: v1
kind: ConfigMap
  name: nginx-ingress-controller
  namespace: default
  http-snippet: |
    limit_req_zone $http_authorization zone=zone-1:20m rate=10r/m;
    limit_req_zone $http_token zone=zone-2:20m rate=10r/m;

apiVersion: extensions/v1beta1
kind: Ingress
  annotations: nginx GRPC |
      limit_req zone=zone-1;
      limit_req_log_level notice;
      limit_req_status 429;
I try to have Nginx Ingress Controller to rate limit the GRPC/HTTP2 stream
connection based on the value in the $http_authorization variable. I have
modified the Nginx log_format to log the $http_authorization value and
observe that Nginx receives the value. The problem I am facing is that for
some reason the rate limiting rule doesn't get triggered.

Is this the correct approach?

Any help and feedback would be much appreciated!


Posted at Nginx Forum:,291431,291431#msg-291431

More information about the nginx mailing list