In the development of APIs sometimes it’s necessary to control the rate of the traffic received by the network to prevent attacks such as DoS or to limit the number of requests a single user/origin can make to a certain endpoint.
In a microservices architecture the API Gateway is the entry point for the whole application and having a rate limiting in this layer suits perfectly.
Spring Cloud Netflix Zuul
Adding Rate Limit on Zuul
To fix that problem it’s possible to use this OSS Rate Limit library
Spring Cloud Netflix Zuul in which will add an out of the box support for rate-limiting the requests.
The current implementation supports a list of rate limit policies per service as well as a default configuration for every other service if necessary.
|Rate Limit Type||Description|
||Uses the authenticated username or ‘anonymous’|
||Uses the user origin request|
||Uses the request path of the downstream service|
||This one does not validate the request Origin, Authenticated User or URI. To use this approach just don’t set any type|
All the rate-limiting implementation is done using Zuul Filters and applying the validations based on the configuration set per service, in case there’s no policy set then the rate limit filters are not triggered.
When a limit is reached the API Gateway returns
429 Too Many Requests status code to the client.
Everything described above can be configured using properties or YAML files and there’s no need to add any custom code to make it work.
For further details on the implementation and usage, please go to the project repo.