Combining rate limits with IP allowlists (exclusions)

Hello,

We're running the latest betas of Traefik on Kubernetes. We'd like to apply a rate limit on a specific URL route match, but override/exclude specific IP addresses from this. I understand from scattered forum posts that we cannot chain these rules as one might hope, and should instead pursue matching at the route level. If we define two route rules as below, and use a rate-limit on the first and a ClientIP match on the second, clients connecting from the relevant IPs are still rate-limited. Interestingly, when we applied IP matching as an allowlist (for testing purposes), the debug logs clearly identify these connections. In this case, the debug logs don't reveal anything useful that tells us which route was actually matched or why. Proxy protocol is enabled on the load balancer, and configured in the Helm chart.

Some help achieving this goal would be appreciated. It should be noted that the IP list is regularly updated and may become rather long - so perhaps a different approach altogether would be more suitable. I'm surprised the solution with Traefik isn't more obvious.

    - match: Host(`my.url`) && PathPrefix(`/some/path/`)
      kind: Rule
      services:
        - name: some-service
          port: 9999
      middlewares:
        - name: rate-limit
    - match: Host(`my.url`) && PathPrefix(`/some/path/`) && ClientIP(`ip address`)
      kind: Rule
      services:
        - name: some-service
          port: 9999
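
The two-route layout described in the post, written out as complete manifests with an explicit `priority` on each route so the exempt route is always evaluated before the rate-limited one. This is an added example, not part of the original post; the `traefik.io/v1alpha1` API group, the namespace, the `websecure` entry point, the CIDR ranges and the rate values are all assumptions.

```yaml
# Added example: namespace, entry point, CIDRs and limits are constructed
# placeholders, not values from the original post.
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: rate-limit
  namespace: default
spec:
  rateLimit:
    average: 10   # constructed value: sustained requests per second per source
    burst: 20     # constructed value: short bursts allowed above the average
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: some-service
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
    # Exempt clients: no middleware attached, higher priority so this rule
    # is tried first. Documentation ranges stand in for the real allowlist.
    - match: Host(`my.url`) && PathPrefix(`/some/path/`) && (ClientIP(`192.0.2.0/24`) || ClientIP(`198.51.100.7`))
      kind: Rule
      priority: 200
      services:
        - name: some-service
          port: 9999
    # Everyone else: same host and path, rate limited.
    - match: Host(`my.url`) && PathPrefix(`/some/path/`)
      kind: Rule
      priority: 100
      services:
        - name: some-service
          port: 9999
      middlewares:
        - name: rate-limit
```

`ClientIP` is evaluated against the connection's remote address, so behind a PROXY protocol load balancer the exempt route only matches when the entry point accepts the PROXY header from that load balancer; otherwise every request appears to come from the load balancer itself and falls through to the rate-limited route.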