Hello @rp346
How the Middleware RateLimits works is a little tricky, so let me explain that:
- As a general rule, all IP addresses that are added to the exclude IPs will be considered as the same source and common rate limits will be applied to all of them. That explains why your IP was blocked after reaching the specified limit.
The configuration you prepared works in the following way.
- Any request that does not come from 91.197.205.234/32 gets into a different bucket (each unique IP gets its own bucket),
- all requests coming from the matching IP will be added to the bucket for the "" (emptyString) and defined limits will be applied. Since there is one IP in the excludeIPs list, it has no effect and you can remove the excludeIPs criteria.
I understand what you are trying to achieve, so here is the solution you might consider implementing.
In general, you can just create two routes,
- one with rate limits
- the second without assigned rateLimit middleware, the router exclusively for your IP 91.197.205.234/32.
If you cannot rely on the source IP, you can consider applying headers to the requests. You can distinguish the incoming request by adding any specific header to the request and, based on that, route the network traffic to the router without middleware rateLimit.
Here is the example:
```yaml
# IngressRoute fragment: route matched on the X-No-Limit request header
spec:
  routes:
    - kind: Rule
      match: Host(`my.example.com`) && HeadersRegexp(`X-No-Limit`, `true`)
      middlewares:
        - name: no-limit-middleware
---
# Middleware referenced by the route above
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: no-limit-middleware
spec:
  headers:
    customRequestHeaders:
      X-No-Limit: "true"
    customResponseHeaders:
      X-No-Limit-Response: "you-have-no-limits-enjoy"
```
I hope that explains that a little bit. You can also have a look at the issue 8052, where one of my teammates explains that as well.
Thank you, Jakub
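
The two-route setup described in the post above, written out as an added example that is not part of the original post or of Traefik's own documentation. The names `rate-limit-middleware`, `my-route`, `my-service`, the `web` entry point, port 80 and the `average`/`burst` values are assumptions; the host, IP and API version are taken from the post.

```yaml
# Added example; resource names, entry point, port and limits are assumed.
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: rate-limit-middleware
spec:
  rateLimit:
    # No sourceCriterion: each remote address gets its own bucket.
    average: 100
    burst: 50
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: my-route
spec:
  entryPoints:
    - web
  routes:
    # Route 1: only the trusted source IP, no rateLimit middleware attached.
    - kind: Rule
      match: Host(`my.example.com`) && ClientIP(`91.197.205.234/32`)
      priority: 20
      services:
        - name: my-service
          port: 80
    # Route 2: every other client, rate limited per source IP.
    - kind: Rule
      match: Host(`my.example.com`)
      priority: 10
      middlewares:
        - name: rate-limit-middleware
      services:
        - name: my-service
          port: 80
```

`ClientIP` matches the connection's remote address and does not read `X-Forwarded-For`, so behind a load balancer or proxy the first route sees the proxy's address rather than the original client's.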