Hello,
I’d like to be able to set up 2 different rate-limit policies on a route/schema to prevent brute-force attacks from a single IP address and globally to protect our backend.
Since I couldn’t find a way to set up 2 policies on a service or a route, I decided to try to set up one policy on the route and one policy on the service.
Well… it does not work…
What it does instead is apply the service policy to any routes attached to this service that do not have a specific policy defined. It seems that the limits will not apply globally to all the routes of the service.
I’m using Kong 1.5 in dbless mode. Here is the conf:
plugins:
- name: rate-limiting
  service: echoService
  config:
    minute: 20
    policy: local
services:
- name: echoService
  url: <backend url>
  protocol: [http, https]
  routes:
  - name: echoNoLimit
    paths: [/echo-nolimit]
    methods: [GET]
  - name: echoLocal
    paths: [/echo-local]
    methods: [GET]
    plugins:
    - name: rate-limiting
      config:
        minute: 10
        policy: local
        limit_by: ip
Interestingly, I’ve tried to use limit_by: service at the service level following the documentation, but it throws me an error asking for consumer, credentials or ip only.
Here is the error message:
error parsing declarative config file /etc/kong/kong.yml:
kong-front_1 | in 'plugins':
kong-front_1 | - in entry 4 of 'plugins':
kong-front_1 | in 'config':
kong-front_1 | in 'limit_by': expected one of: consumer, credential, ip
Any help appreciated
S.
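
Added example (not part of the original post, and not Kong's code): a simplified Python model of the behaviour described above, using the two plugin entries from the posted config. It assumes Kong's documented plugin precedence (one instance of a plugin per request, most specific scope wins), that limit_by defaults to consumer and falls back to ip for unauthenticated requests, and that counters are kept per plugin instance; the class and function names and the client IPs are hypothetical.

```python
from collections import defaultdict

# Constructed from the declarative config in the post: one plugin scoped to
# the service, one scoped to the echoLocal route.
SERVICE_PLUGINS = {"echoService": {"minute": 20, "limit_by": "consumer"}}
ROUTE_PLUGINS = {"echoLocal": {"minute": 10, "limit_by": "ip"}}
ROUTES = {"/echo-nolimit": ("echoNoLimit", "echoService"),
          "/echo-local": ("echoLocal", "echoService")}


def select_plugin(route, service):
    """Pick the single rate-limiting instance that runs for a request.

    Kong runs one instance of a given plugin per request and prefers the
    most specific scope, so a route-scoped config replaces the
    service-scoped one instead of stacking with it.
    """
    if route in ROUTE_PLUGINS:
        return ("route", route), ROUTE_PLUGINS[route]
    if service in SERVICE_PLUGINS:
        return ("service", service), SERVICE_PLUGINS[service]
    return None, None


class Gateway:
    def __init__(self):
        self.counters = defaultdict(int)  # one fixed window, for brevity

    def request(self, path, ip, consumer=None):
        route, service = ROUTES[path]
        scope, conf = select_plugin(route, service)
        if conf is None:
            return 200
        # limit_by: consumer falls back to the client IP when the request
        # is unauthenticated, so the service limit is per client, not global.
        ident = consumer if conf["limit_by"] == "consumer" and consumer else ip
        key = (scope, ident)  # assumption: counters are kept per plugin instance
        if self.counters[key] >= conf["minute"]:
            return 429
        self.counters[key] += 1
        return 200


def replay(gw, path, ip, n):
    """Send n requests and return how many were allowed."""
    return sum(gw.request(path, ip) == 200 for _ in range(n))
```

In this model, requests to /echo-local never touch the service-level counter, and each new client IP on /echo-nolimit gets its own budget of 20, so neither plugin acts as a global cap for the backend.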