Skip to content

Commit 32a88bc

Browse files
hieblmihieblmi
committed
README: add section about rate limiting
1 parent abe144a commit 32a88bc

File tree

1 file changed

+49
-0
lines changed

1 file changed

+49
-0
lines changed

README.md

Lines changed: 49 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -50,3 +50,52 @@ services and APIs.
5050
compare with `sample-conf.yaml`.
5151
* Start aperture without any command line parameters (`./aperture`), all configuration
5252
is done in the `~/.aperture/aperture.yaml` file.
53+
54+
## Per-endpoint rate limiting
55+
56+
Aperture supports per-endpoint rate limiting using a token bucket based on golang.org/x/time/rate.
57+
Limits are configured per service using regular expressions that match request paths.
58+
59+
Key properties:
60+
- Scope: per service, per endpoint (path regex).
61+
- Process local: state is in-memory per Aperture process. In clustered deployments, each instance enforces its own limits.
62+
- Evaluation: all matching rules are enforced; if any matching rule denies a request, the request is rejected.
63+
- Protocols: applies to both REST and gRPC requests.
64+
65+
Behavior on limit exceed:
66+
- HTTP/REST: returns 429 Too Many Requests and sets a Retry-After header (in seconds). Sub-second delays are rounded up to 1 second.
67+
- gRPC: response uses HTTP/2 headers/trailers with Grpc-Status and Grpc-Message indicating the error (message: "rate limit exceeded").
68+
- CORS headers are included consistently.
69+
70+
Configuration fields (under a service):
71+
- pathregex: regular expression matched against the URL path (e.g., "/package.Service/Method").
72+
- requests: allowed number of requests per window.
73+
- per: size of the time window (e.g., 1s, 1m). Default: 1s.
74+
- burst: additional burst capacity. Default: equal to requests.
75+
76+
Example (see sample-conf.yaml for a full example):
77+
78+
```yaml
79+
services:
80+
- name: "service1"
81+
hostregexp: '^service1.com$'
82+
pathregexp: '^/.*$'
83+
address: "127.0.0.1:10009"
84+
protocol: https
85+
86+
# Optional per-endpoint rate limits using a token bucket.
87+
ratelimits:
88+
- pathregex: '^/looprpc.SwapServer/LoopOutTerms.*$'
89+
requests: 5
90+
per: 1s
91+
burst: 5
92+
- pathregex: '^/looprpc.SwapServer/LoopOutQuote.*$'
93+
requests: 2
94+
per: 1s
95+
burst: 2
96+
```
97+
98+
Notes:
99+
- If multiple ratelimits match a request path, all must allow the request; the strictest rule will effectively apply.
100+
- If requests or burst are set to 0 or negative, safe defaults are used (requests defaults to 1; burst defaults to requests).
101+
- If per is omitted or 0, it defaults to 1s.

0 commit comments

Comments
 (0)