homelab/traefik
1
0
Fork 0
Code Activity

Add rate limiter, rename maxConn into inFlightReq

Browse source 
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
This commit is contained in:
mpl 2019-08-26 12:20:06 +02:00 committed by Traefiker Bot
parent a8c73f7baf
commit 4ec90c5c0d
30 changed files with 1419 additions and 651 deletions
Download patch file Download diff file Expand all files Collapse all files

0
docs/content/assets/img/middleware/maxconnection.png → docs/content/assets/img/middleware/inflightreq.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 63 KiB

After

Width:  |  Height:  |  Size: 63 KiB

Before After
Before After

4
docs/content/assets/styles/extra.css
View file

@ -34,6 +34,10 @@ h3 {
font-weight: bold !important;
}
.md-typeset h5 {
text-transform: none;
}
figcaption {
text-align: center;
font-size: 0.8em;

247
docs/content/middlewares/inflightreq.md Normal file
View file

@ -0,0 +1,247 @@
# InFlightReq
Limiting the Number of Simultaneous In-Flight Requests
{: .subtitle }
![InFlightReq](../assets/img/middleware/inflightreq.png)
To proactively prevent services from being overwhelmed with high load, a limit on the number of simultaneous in-flight requests can be applied.
## Configuration Examples
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-inflightreq
spec:
inFlightReq:
amount: 10
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-inflightreq.inflightreq.amount": "10"
}
```
```yaml tab="Rancher"
# Limiting to 10 simultaneous connections
labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10"
```
```toml tab="File (TOML)"
# Limiting to 10 simultaneous connections
[http.middlewares]
[http.middlewares.test-inflightreq.inFlightReq]
amount = 10
```
```yaml tab="File (YAML)"
# Limiting to 10 simultaneous connections
http:
middlewares:
test-inflightreq:
inFlightReq:
amount: 10
```
## Configuration Options
### `amount`
The `amount` option defines the maximum amount of allowed simultaneous in-flight request.
The middleware will return an `HTTP 429 Too Many Requests` if there are already `amount` requests in progress (based on the same `sourceCriterion` strategy).
### `sourceCriterion`
SourceCriterion defines what criterion is used to group requests as originating from a common source.
The precedence order is `ipStrategy`, then `requestHeaderName`, then `requestHost`.
If none are set, the default is to use the `requestHost`.
#### `sourceCriterion.ipStrategy`
The `ipStrategy` option defines two parameters that sets how Traefik will determine the client IP: `depth`, and `excludedIPs`.
##### `ipStrategy.depth`
The `depth` option tells Traefik to use the `X-Forwarded-For` header and take the IP located at the `depth` position (starting from the right).
- If `depth` is greater than the total number of IPs in `X-Forwarded-For`, then the client IP will be empty.
- `depth` is ignored if its value is is lesser than or equal to 0.
!!! note "Example of Depth & X-Forwarded-For"
If `depth` was equal to 2, and the request `X-Forwarded-For` header was `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP would be `"10.0.0.1"` (at depth 4) but the IP used as the criterion would be `"12.0.0.1"` (`depth=2`).
| `X-Forwarded-For` | `depth` | clientIP |
|-----------------------------------------|---------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `1` | `"13.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `3` | `"11.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5` | `""` |
##### `ipStrategy.excludedIPs`
`excludedIPs` tells Traefik to scan the `X-Forwarded-For` header and pick the first IP not in the list.
!!! important
If `depth` is specified, `excludedIPs` is ignored.
!!! note "Example of ExcludedIPs & X-Forwarded-For"
| `X-Forwarded-For` | `excludedIPs` | clientIP |
|-----------------------------------------|-----------------------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"12.0.0.1,13.0.0.1"` | `"11.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,13.0.0.1"` | `"12.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"10.0.0.1,13.0.0.1"` | `"12.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,16.0.0.1"` | `"13.0.0.1"` |
| `"10.0.0.1,11.0.0.1"` | `"10.0.0.1,11.0.0.1"` | `""` |
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-inflightreq
spec:
inFlightReq:
sourceCriterion:
ipStrategy:
excludedIPs:
- 127.0.0.1/32
- 192.168.1.7
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
}
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-inflightreq.inflightreq]
[http.middlewares.test-inflightreq.inFlightReq.sourceCriterion.ipStrategy]
excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
```yaml tab="File (YAML)"
http:
middlewares:
test-inflightreq:
inFlightReq:
sourceCriterion:
ipStrategy:
excludedIPs:
- "127.0.0.1/32"
- "192.168.1.7"
```
#### `sourceCriterion.requestHeaderName`
Requests having the same value for the given header are grouped as coming from the same source.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requestheadername=username"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-inflightreq
spec:
inFlightReq:
sourceCriterion:
requestHeaderName: username
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requestheadername=username"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requestheadername": "username"
}
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-inflightreq.inflightreq]
[http.middlewares.test-inflightreq.inFlightReq.sourceCriterion]
requestHeaderName = "username"
```
```yaml tab="File (YAML)"
http:
middlewares:
test-inflightreq:
inFlightReq:
sourceCriterion:
requestHeaderName: username
```
#### `sourceCriterion.requestHost`
Whether to consider the request host as the source.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requesthost=true"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-inflightreq
spec:
inFlightReq:
sourceCriterion:
requestHost: true
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requesthost=true"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requesthost": "true"
}
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-inflightreq.inflightreq]
[http.middlewares.test-inflightreq.inFlightReq.sourceCriterion]
requestHost = true
```
```yaml tab="File (YAML)"
http:
middlewares:
test-inflightreq:
inFlightReq:
sourceCriterion:
requestHost: true
```

71
docs/content/middlewares/maxconnection.md
View file

@ -1,71 +0,0 @@
# MaxConnection
Limiting the Number of Simultaneous Clients
{: .subtitle }
![MaxConnection](../assets/img/middleware/maxconnection.png)
To proactively prevent services from being overwhelmed with high load, a maximum connection limit can be applied.
## Configuration Examples
```yaml tab="Docker"
# Limiting to 10 simultaneous connections
labels:
- "traefik.http.middlewares.test-maxconn.maxconn.amount=10"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-maxconn
spec:
maxConn:
amount: 10
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-maxconn.maxconn.amount": "10"
}
```
```yaml tab="Rancher"
# Limiting to 10 simultaneous connections
labels:
- "traefik.http.middlewares.test-maxconn.maxconn.amount=10"
```
```toml tab="File (TOML)"
# Limiting to 10 simultaneous connections
[http.middlewares]
[http.middlewares.test-maxconn.maxConn]
amount = 10
```
```yaml tab="File (YAML)"
# Limiting to 10 simultaneous connections
http:
middlewares:
test-maxconn:
maxConn:
amount: 10
```
## Configuration Options
### `amount`
The `amount` option defines the maximum amount of allowed simultaneous connections.
The middleware will return an `HTTP 429 Too Many Requests` if there are already `amount` requests in progress (based on the same `extractorFunc` strategy).
### `extractorFunc`
The `extractorFunc` defines the strategy used to categorize requests.
The possible values are:
- `request.host` categorizes requests based on the request host.
- `client.ip` categorizes requests based on the client ip.
- `request.header.ANY_HEADER` categorizes requests based on the provided `ANY_HEADER` value.

2
docs/content/middlewares/overview.md
View file

@ -208,7 +208,7 @@ and therefore this specification would be ignored even if present.
| [ForwardAuth](forwardauth.md) | Authentication delegation | Security, Authentication |
| [Headers](headers.md) | Add / Update headers | Security |
| [IPWhiteList](ipwhitelist.md) | Limit the allowed client IPs | Security, Request lifecycle |
| [MaxConnection](maxconnection.md) | Limit the number of simultaneous connections | Security, Request lifecycle |
| [InFlightReq](inflightreq.md) | Limit the number of simultaneous connections | Security, Request lifecycle |
| [PassTLSClientCert](passtlsclientcert.md) | Adding Client Certificates in a Header | Security |
| [RateLimit](ratelimit.md) | Limit the call frequency | Security, Request lifecycle |
| [RedirectScheme](redirectscheme.md) | Redirect easily the client elsewhere | Request lifecycle |

372
docs/content/middlewares/ratelimit.md
View file

@ -1,9 +1,6 @@
# RateLimit
!!! warning
This middleware is disable for now.
Protection from Too Many Calls
To Control the Number of Requests Going to a Service
{: .subtitle }
![RateLimit](../assets/img/middleware/ratelimit.png)
@ -13,124 +10,337 @@ The RateLimit middleware ensures that services will receive a _fair_ number of r
## Configuration Example
```yaml tab="Docker"
# Here, an average of 5 requests every 3 seconds is allowed and an average of 100 requests every 10 seconds.
# These can "burst" up to 10 and 200 in each period, respectively.
# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.extractorfunc=client.ip"
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate0.period=10s"
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate0.average=100"
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate0.burst=200"
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate1.period=3s"
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate1.average=5"
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate1.burst=10"
- "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50"
```
```yaml tab="Kubernetes"
# Here, an average of 5 requests every 3 seconds is allowed and an average of 100 requests every 10 seconds.
# These can "burst" up to 10 and 200 in each period, respectively.
# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-ratelimit
spec:
rateLimit:
extractorFunc: client.ip
rateSet:
rate0:
period: 10s
average: 100
burst: 200
rate1:
period: 3s
average: 5
burst: 10
average: 100
burst: 50
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-ratelimit.ratelimit.extractorfunc": "client.ip",
"traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate0.period": "10s",
"traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate0.average": "100",
"traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate0.burst": "200",
"traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate1.period": "3s",
"traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate1.average": "5",
"traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate1.burst": "10"
"traefik.http.middlewares.test-ratelimit.ratelimit.average": "100",
"traefik.http.middlewares.test-ratelimit.ratelimit.burst": "50"
}
```
```yaml tab="Rancher"
# Here, an average of 5 requests every 3 seconds is allowed and an average of 100 requests every 10 seconds.
# These can "burst" up to 10 and 200 in each period, respectively.
# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.extractorfunc=client.ip"
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate0.period=10s"
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate0.average=100"
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate0.burst=200"
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate1.period=3s"
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate1.average=5"
- "traefik.http.middlewares.test-ratelimit.ratelimit.rateset.rate1.burst=10"
- "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50"
```
```toml tab="File (TOML)"
# Here, an average of 5 requests every 3 seconds is allowed and an average of 100 requests every 10 seconds.
# These can "burst" up to 10 and 200 in each period, respectively.
# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
extractorFunc = "client.ip"
[http.middlewares.test-ratelimit.rateLimit.rateSet.rate0]
period = "10s"
average = 100
burst = 200
[http.middlewares.test-ratelimit.rateLimit.rateSet.rate1]
period = "3s"
average = 5
burst = 10
average = 100
burst = 50
```
```yaml tab="File (YAML)"
# Here, an average of 5 requests every 3 seconds is allowed and an average of 100 requests every 10 seconds.
# These can "burst" up to 10 and 200 in each period, respectively.
# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
http:
middlewares:
test-ratelimit:
rateLimit:
extractorFunc: "client.ip"
rateSet:
rate0:
period: "10s"
average: 100
burst: 200
rate1:
period: "3s"
average: 5
burst: 10
average: 100
burst: 50
```
## Configuration Options
### `extractorFunc`
### `average`
Average is the maximum rate, in requests/s, allowed for the given source.
It defaults to 0, which means no rate limiting.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-ratelimit
spec:
rateLimit:
average: 100
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-ratelimit.ratelimit.average": "100",
}
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
average = 100
```
```yaml tab="File (YAML)"
http:
middlewares:
test-ratelimit:
rateLimit:
average: 100
```
### `burst`
Burst is the maximum number of requests allowed to go through in the same arbitrarily small period of time.
It defaults to 1.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=100"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-ratelimit
spec:
rateLimit:
burst: 100
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-ratelimit.ratelimit.burst": "100",
}
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=100"
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
burst = 100
```
```yaml tab="File (YAML)"
http:
middlewares:
test-ratelimit:
rateLimit:
burst: 100
```
### `sourceCriterion`
The `extractorFunc` option defines the strategy used to categorize requests.
SourceCriterion defines what criterion is used to group requests as originating from a common source.
The precedence order is `ipStrategy`, then `requestHeaderName`, then `requestHost`.
If none are set, the default is to use the request's remote address field (as an `ipStrategy`).
The possible values are:
#### `sourceCriterion.ipStrategy`
- `request.host` categorizes requests based on the request host.
- `client.ip` categorizes requests based on the client ip.
- `request.header.ANY_HEADER` categorizes requests based on the provided `ANY_HEADER` value.
The `ipStrategy` option defines two parameters that sets how Traefik will determine the client IP: `depth`, and `excludedIPs`.
### `rateSet`
##### `ipStrategy.depth`
You can combine multiple rate limits.
The rate limit will trigger with the first reached limit.
The `depth` option tells Traefik to use the `X-Forwarded-For` header and take the IP located at the `depth` position (starting from the right).
Each rate limit has 3 options, `period`, `average`, and `burst`.
- If `depth` is greater than the total number of IPs in `X-Forwarded-For`, then the client IP will be empty.
- `depth` is ignored if its value is is lesser than or equal to 0.
The rate limit will allow an average of `average` requests every `period`, with a maximum of `burst` request on that period.
!!! note "Example of Depth & X-Forwarded-For"
!!! note "Period Format"
If `depth` was equal to 2, and the request `X-Forwarded-For` header was `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP would be `"10.0.0.1"` (at depth 4) but the IP used as the criterion would be `"12.0.0.1"` (`depth=2`).
Period is to be given in a format understood by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration).
| `X-Forwarded-For` | `depth` | clientIP |
|-----------------------------------------|---------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `1` | `"13.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `3` | `"11.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5` | `""` |
##### `ipStrategy.excludedIPs`
`excludedIPs` tells Traefik to scan the `X-Forwarded-For` header and pick the first IP not in the list.
!!! important
If `depth` is specified, `excludedIPs` is ignored.
!!! note "Example of ExcludedIPs & X-Forwarded-For"
| `X-Forwarded-For` | `excludedIPs` | clientIP |
|-----------------------------------------|-----------------------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"12.0.0.1,13.0.0.1"` | `"11.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,13.0.0.1"` | `"12.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"10.0.0.1,13.0.0.1"` | `"12.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,16.0.0.1"` | `"13.0.0.1"` |
| `"10.0.0.1,11.0.0.1"` | `"10.0.0.1,11.0.0.1"` | `""` |
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-ratelimit
spec:
rateLimit:
sourceCriterion:
ipStrategy:
excludedIPs:
- 127.0.0.1/32
- 192.168.1.7
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
}
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
[http.middlewares.test-ratelimit.rateLimit.sourceCriterion.ipStrategy]
excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
```
```yaml tab="File (YAML)"
http:
middlewares:
test-ratelimit:
rateLimit:
sourceCriterion:
ipStrategy:
excludedIPs:
- "127.0.0.1/32"
- "192.168.1.7"
```
#### `sourceCriterion.requestHeaderName`
Requests having the same value for the given header are grouped as coming from the same source.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername=username"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-ratelimit
spec:
rateLimit:
sourceCriterion:
requestHeaderName: username
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername=username"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername": "username"
}
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
[http.middlewares.test-ratelimit.rateLimit.sourceCriterion]
requestHeaderName = "username"
```
```yaml tab="File (YAML)"
http:
middlewares:
test-ratelimit:
rateLimit:
sourceCriterion:
requestHeaderName: username
```
#### `sourceCriterion.requestHost`
Whether to consider the request host as the source.
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requesthost=true"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: test-ratelimit
spec:
rateLimit:
sourceCriterion:
requestHost: true
```
```yaml tab="Rancher"
labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requesthost=true"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requesthost": "true"
}
```
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
[http.middlewares.test-ratelimit.rateLimit.sourceCriterion]
requestHost = true
```
```yaml tab="File (YAML)"
http:
middlewares:
test-ratelimit:
rateLimit:
sourceCriterion:
requestHost: true
```

8
docs/content/reference/dynamic-configuration/docker-labels.yml
View file

@ -64,8 +64,12 @@
- "traefik.http.middlewares.middleware10.ipwhitelist.ipstrategy.depth=42"
- "traefik.http.middlewares.middleware10.ipwhitelist.ipstrategy.excludedips=foobar, foobar"
- "traefik.http.middlewares.middleware10.ipwhitelist.sourcerange=foobar, foobar"
- "traefik.http.middlewares.middleware11.maxconn.amount=42"
- "traefik.http.middlewares.middleware11.maxconn.extractorfunc=foobar"
- "traefik.http.middlewares.middleware11.inflightreq.amount=42"
- "traefik.http.middlewares.middleware11.inflightreq.sourcecriterion.requestheadername=foobar"
- "traefik.http.middlewares.middleware11.inflightreq.sourcecriterion.requesthost=true"
- "traefik.http.middlewares.middleware11.inflightreq.sourcecriterion.ipstrategy.depth=42"
- "traefik.http.middlewares.middleware11.inflightreq.sourcecriterion.ipstrategy.excludedips=foobar, foobar"
- "traefik.http.middlewares.middleware11.inflightreq.sourcecriterion.requesthost=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.commonname=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.country=true"
- "traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.domaincomponent=true"

9
docs/content/reference/dynamic-configuration/file.toml
View file

@ -170,9 +170,14 @@
depth = 42
excludedIPs = ["foobar", "foobar"]
[http.middlewares.Middleware11]
[http.middlewares.Middleware11.maxConn]
[http.middlewares.Middleware11.inFlightReq]
amount = 42
extractorFunc = "foobar"
[http.middlewares.Middleware11.inFlightReq.sourceCriterion]
requestHeaderName = "foobar"
requestHost = true
[http.middlewares.Middleware11.inFlightReq.sourceCriterion.ipStrategy]
depth = 42
excludedIPs = ["foobar", "foobar"]
[http.middlewares.Middleware12]
[http.middlewares.Middleware12.passTLSClientCert]
pem = true

19
docs/content/reference/dynamic-configuration/file.yaml
View file

@ -198,9 +198,14 @@ http:
- foobar
- foobar
Middleware11:
maxConn:
inFlightReq:
amount: 42
extractorFunc: foobar
sourceCriterion:
ipStrategy:
depth: 42
excludedIPs: [ foobar, foobar ]
requestHeaderName: foobar
requestHost: true
Middleware12:
passTLSClientCert:
pem: true
@ -254,6 +259,16 @@ http:
regex:
- foobar
- foobar
Middleware20:
rateLimit:
average: 42
burst: 42
sourceCriterion:
ipStrategy:
depth: 42
excludedIPs: [ foobar, foobar ]
requestHeaderName: foobar
requestHost: true
tcp:
routers:
TCPRouter0:

13
docs/content/reference/dynamic-configuration/marathon-labels.json
View file

@ -64,8 +64,11 @@
"traefik.http.middlewares.middleware10.ipwhitelist.ipstrategy.depth": "42",
"traefik.http.middlewares.middleware10.ipwhitelist.ipstrategy.excludedips": "foobar, foobar",
"traefik.http.middlewares.middleware10.ipwhitelist.sourcerange": "foobar, foobar",
"traefik.http.middlewares.middleware11.maxconn.amount": "42",
"traefik.http.middlewares.middleware11.maxconn.extractorfunc": "foobar",
"traefik.http.middlewares.Middleware11.inflightreq.amount": "42",
"traefik.http.middlewares.Middleware11.inflightreq.sourcecriterion.ipstrategy.depth": "42",
"traefik.http.middlewares.Middleware11.inflightreq.sourcecriterion.ipstrategy.excludedips": "foobar, fiibar",
"traefik.http.middlewares.Middleware11.inflightreq.sourcecriterion.requestheadername": "foobar",
"traefik.http.middlewares.Middleware11.inflightreq.sourcecriterion.requesthost": "true",
"traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.commonname": "true",
"traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.country": "true",
"traefik.http.middlewares.middleware12.passtlsclientcert.info.issuer.domaincomponent": "true",
@ -96,6 +99,12 @@
"traefik.http.middlewares.middleware17.retry.attempts": "42",
"traefik.http.middlewares.middleware18.stripprefix.prefixes": "foobar, foobar",
"traefik.http.middlewares.middleware19.stripprefixregex.regex": "foobar, foobar",
"traefik.http.middlewares.Middleware20.ratelimit.average": "42",
"traefik.http.middlewares.Middleware20.ratelimit.burst": "42",
"traefik.http.middlewares.Middleware20.ratelimit.sourcecriterion.requestheadername": "foobar",
"traefik.http.middlewares.Middleware20.ratelimit.sourcecriterion.requesthost": "true",
"traefik.http.middlewares.Middleware20.ratelimit.sourcecriterion.ipstrategy.depth": "42",
"traefik.http.middlewares.Middleware20.ratelimit.sourcecriterion.ipstrategy.excludedips": "foobar, foobar",
"traefik.http.routers.router0.entrypoints": "foobar, foobar",
"traefik.http.routers.router0.middlewares": "foobar, foobar",
"traefik.http.routers.router0.priority": "42",