How to rate limit GRPC connections based on authorization (bearer) token in Nginx Ingress?

Sergey A. Osokin osa at
Wed May 5 20:09:40 UTC 2021

Hi there,

hope you're doing well.

Please correct me if I wrong, but this looks like a manifest file for
NGINX Ingress Controller from Kubernetes project itself, i.e., and if so I'd recommend
to switch to NGINX Ingress Controller for Kubernetes, please visit to get more details.

Sergey Osokin

On Wed, May 05, 2021 at 03:43:46PM -0400, bobbidinho wrote:
> I am trying to rate limit number GRPC connections based on a token included
> in the Authorization header. I tried the following settings in the Nginx
> configmap and Ingress annotation but Nginx rate limiting is not working.
> ```
> ---
> apiVersion: v1
> kind: ConfigMap
> metadata:
>   name: nginx-ingress-controller
>   namespace: default
> data:
>   http-snippet: |
>     limit_req_zone $http_authorization zone=zone-1:20m rate=10r/m;
>     limit_req_zone $http_token zone=zone-2:20m rate=10r/m;
> apiVersion: extensions/v1beta1
> kind: Ingress
> metadata:
>   annotations:
> nginx
> |
>       limit_req zone=zone-1;
>       limit_req_log_level notice;
>       limit_req_status 429;
> ```
> I try to have Nginx Ingress Controller to rate limit the GRPC/HTTP2 stream
> connection based on the value in the $http_authorization variable. I have
> modified the Nginx log_format to log the $http_authorization value and
> observe that Nginx receives the value. The problem I am facing is that for
> some reason the rate limiting rule doesn't get triggered.
> Is this the correct approach?
> Any help and feedback would be much appreciated!

Sergey Osokin

More information about the nginx mailing list