I want to specify ratelimit to specific api endpoints which includes login, verification, reset, version but anything else shouldn't have any ratelimit.
So I created following IngressRoute
IngressRoute
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: api-external-0 #Everything Else
namespace: dev-ethernet
spec:
entryPoints:
- web
- websecure
routes:
- kind: Rule
match: Host(`api.dev.example.com`)
services:
- name: nginx
port: 80
strategy: RoundRobin
middlewares:
- name: https-redirect
namespace: dev-ethernet
tls:
secretName: dev-cert
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: api-external-1
namespace: dev-ethernet
spec:
entryPoints:
- web
- websecure
routes:
- kind: Rule
match: Host(`api.dev.example.com`) && PathPrefix(`/api/v1/user/`)
services:
- name: nginx
port: 80
strategy: RoundRobin
middlewares:
- name: redirect-ratelimit
namespace: dev-ethernet
tls:
secretName: dev-cert
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: api-external-2
namespace: dev-ethernet
spec:
entryPoints:
- web
- websecure
routes:
- kind: Rule
match: Host(`api.dev.example.com`) && PathPrefix(`/api/v1/login/`)
services:
- name: nginx
port: 80
strategy: RoundRobin
middlewares:
- name: redirect-ratelimit
namespace: dev-ethernet
tls:
secretName: dev-cert
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: api-external-3
namespace: dev-ethernet
spec:
entryPoints:
- web
- websecure
routes:
- kind: Rule
match: Host(`api.dev.example.com`) && PathPrefix(`/api/v1/agreement/`)
services:
- name: nginx
port: 80
strategy: RoundRobin
middlewares:
- name: redirect-ratelimit
namespace: dev-ethernet
tls:
secretName: dev-cert
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: api-external-4
namespace: dev-ethernet
spec:
entryPoints:
- web
- websecure
routes:
- kind: Rule
match: Host(`api.dev.example.com`) && PathPrefix(`/api/v1/user/reset-password/request`)
services:
- name: nginx
port: 80
strategy: RoundRobin
middlewares:
- name: redirect-ratelimit
namespace: dev-ethernet
tls:
secretName: dev-cert
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: api-external-5
namespace: dev-ethernet
spec:
entryPoints:
- web
- websecure
routes:
- kind: Rule
match: Host(`api.dev.example.com`) && PathPrefix(`/api/v1/user/([a-z0-9]+-[a-z0-9]+-[a-z0-9]+-[a-z0-9]+-[a-z0-9]+)/verify/\?code=([0-9]+)`)
services:
- name: nginx
port: 80
strategy: RoundRobin
middlewares:
- name: redirect-ratelimit
namespace: dev-ethernet
tls:
secretName: dev-cert
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: api-external-6
namespace: dev-ethernet
spec:
entryPoints:
- web
- websecure
routes:
- kind: Rule
match: Host(`api.dev.example.com`) && PathPrefix(`/api/v1/build_version`)
services:
- name: nginx
port: 80
strategy: RoundRobin
middlewares:
- name: redirect-ratelimit
namespace: dev-ethernet
tls:
secretName: dev-cert
I have Middleware
Middleware
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: redirect-ratelimit
namespace: dev-ethernet
spec:
chain:
middlewares:
- name: https-redirect
- name: ratelimit-api
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: https-redirect
namespace: dev-ethernet
spec:
redirectScheme:
scheme: https
permanent: true
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: ratelimit-api
namespace: dev-ethernet
spec:
rateLimit:
period: 1m
average: 8
burst: 5
With this setup for endpoint api.dev.example.com/api/v1/build_version
I get Too Many Requests
on 5th request hit from same IP, which is as expected.
But for endpoint api.dev.example.com/api/v1/login
I don't see rate-limit is working at all.
What I am missing here ?