Adding Rate Limiting for Spring Cloud Netflix Zuul

In the development of APIs, sometimes it's necessary to control the rate of the traffic received by the network to prevent attacks such as DoS or to limit the number of requests a single user/origin can make to a certain endpoint.

In microservices architecture, the API Gateway is the entry point for the whole application, and having rate limiting in this layer suits it perfectly.

Spring Cloud Netflix Zuul

Spring Cloud Netflix Zuul is an Open Source API Gateway that wraps Netflix Zuul and adds quite a few functionalities, sadly rate limiting is something that's not provided out of the box.

Adding Rate Limit on Zuul

To fix that problem, it's possible to use this OSS Rate Limit library along with Spring Cloud Netflix Zuul, which will add out-of-the-box support for rate limiting the requests.

Supported Limiters

The current implementation supports a list of rate limit policies per service, as well as a default configuration for every other service, if necessary.

Type Description

Authenticated User

Uses the authenticated username or 'anonymous'

Request Origin

Uses the user origin request

URL

Uses the request path of the downstream service

Global configuration per service

This one does not validate the request Origin, Authenticated User or URI. To use this approach just don’t set any type


Supported Storage

Implementation

All the rate-limiting implementation is done using Zuul Filters and applying the validations based on the configuration set per service, in case there's no policy set, then the rate limit filters are not triggered.

When a limit is reached the API Gateway returns 429 Too Many Requests status code to the client.

Configuration

Everything described above can be configured using properties or YAML files and there's no need to add any custom code to make it work.

Further Details

For further details on the implementation and usage, please go to the project repo.

 

 

 

 

Top