Rate limiting issue with CORS plugin? #22

Open
Arsnael opened this issue Nov 26, 2021 · 1 comment

Comments

Arsnael commented Nov 26, 2021

Hello!

When using the CORS plugin github_com/devopsfaith/krakend-cors:

    "github_com/devopsfaith/krakend-cors": {
      "allow_origins": ["*"],
      "expose_headers": ["Content-Length"],
      "max_age": "12h",
      "allow_methods": ["GET", "POST", "PUT"]
    }

With the rate limiting defined in a POST endpoint and the header strategy:

    "extra_config": {
      "github.com/devopsfaith/krakend-ratelimit/juju/router": {
        "maxRate": 1000,
        "clientMaxRate": 100,
        "strategy": "header",
        "key": "Authorization"
      }
    }

When trying to do a CORS request towards the endpoint, I get an Error #01: ERROR: rate limit exceded and a 409 in the krakend logs, and of course the request fails. It seems to only happen for the client max rate with the header strategy though. When I switch the strategy to ip it works fine.

Any idea?

@alex-pobeditel-2004

I got the same problem but with the ip strategy. CORS enabled (if it really matters), same rate limit on almost all endpoints:

 - GET /api/scoring/user/:username
  Timeout: 10s
  QueryString: [*]
  CacheTTL: 5m0s
  Headers to pass: [Jwt X-Real-Ip X-Forwarded-For X-Forwarded-Proto X-Request-Id X-Country-Code X-City-Name User-Agent Authorization Content-Type Accept Cookie]
  OutputEncoding: no-op
  Concurrent calls: 1
  1 endpoint component configuration(s):
  - qos/ratelimit/router
          client_max_rate: 200
          strategy: ip
          key: X-Forwarded-For
  Connecting to 1 backend(s):
    [+] GET /scoring/user/{{.Username}}
    Timeout: 10s
    Hosts: [http://backend:8000]
    Concurrent calls: 1
    Host sanitization disabled: false
    Target:
    Deny: [], Allow: []
    Mapping: map[]
    Group:
    Encoding: no-op
    Is collection: false
    SD:
    0 backend component configuration(s):

Just recently I added specific "slow" rate limits (like 0.02, 0.05 req/s) on several endpoints.
And after that I found that the endpoint specified at the beginning throws 429 after just a couple of requests. I tried accessing it 40 times per second and got results like these:

First request: 2022-10-21 18:38:00.375449
Last request: 2022-10-21 18:38:00.770169
Status: 200, count: 3
Status: 429, count: 37

client_max_rate does not matter: I tried 20 / 200 / 2000 req/s and the endpoint keeps returning 429s after just 2-3 requests.
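
For triage, the tally reported above can be compared with what a plain token bucket would return for the same 40 requests. This is an added example, not code from the thread or from KrakenD: `replay` and `matches_observed` are hypothetical names, the bucket is a generic model, and a capacity equal to one second of `client_max_rate` is an assumption.

```python
from collections import Counter
from datetime import datetime


def replay(rate, capacity, first, last, n):
    """Replay n evenly spaced requests against one token bucket.

    rate: tokens refilled per second; capacity: bucket size (burst).
    first/last: timestamps of the first and last request.
    Returns a Counter mapping HTTP status (200 or 429) to a count.
    """
    span = (datetime.fromisoformat(last) - datetime.fromisoformat(first)).total_seconds()
    step = span / (n - 1) if n > 1 else 0.0
    tokens = float(capacity)  # assumption: the bucket starts full
    tally = Counter()
    for i in range(n):
        if i:  # refill for the time elapsed since the previous request
            tokens = min(float(capacity), tokens + rate * step)
        if tokens >= 1.0:
            tokens -= 1.0
            tally[200] += 1
        else:
            tally[429] += 1
    return tally


# Timestamps and status counts as reported in the comment above.
FIRST = "2022-10-21 18:38:00.375449"
LAST = "2022-10-21 18:38:00.770169"
OBSERVED = Counter({200: 3, 429: 37})


def matches_observed(rate, capacity):
    """True if the modelled bucket reproduces the reported 3 x 200 / 37 x 429."""
    return replay(rate, capacity, FIRST, LAST, 40) == OBSERVED


if __name__ == "__main__":
    # The three client_max_rate values tried in the comment, capacity assumed = rate.
    for rate in (20, 200, 2000):
        print(rate, dict(replay(rate, rate, FIRST, LAST, 40)), matches_observed(rate, rate))
```

Under this model none of the three configured rates produces the reported tally, which is consistent with the observation that changing `client_max_rate` had no effect.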
