Rate limit plugin behaviour with corporate proxy between user and API Gateway?


As per the documentation of the rate limit plugin, the rate limiting plugin will throttle client requests based on the client_ip of the end user.
What if there is a corporate proxy between the end user and the API GW? The typical request flow that I am thinking about looks like this: End user (browser) —> corporate proxy —> Load balancer —> Kong API GW
In this case, even if we use x-forwarded-for (with load balancer) or remote_addr (without load balancer) to determine the actual end user’s IP address, will it give it correctly, or will it be that of the corporate proxy server?

Thanks in advance



Can anybody help me to understand the above behaviour of the Rate Limit plugin?

Thanks in Advance


I’ve had the same problem.
Anyone else?

Kong’s rate limiting plugin is going to pull the IP address using the kong.client.get_forwarded_ip() PDK method, a method which uses Kong’s understanding of the forwarded or client IP address. You can configure how Kong detects the forwarded IP address using the trusted_ips, real_ip_header, and real_ip_recursive configurations within kong.conf. See the linked documentation for how to configure those values.

For an example, here is how we configure those configuration variables:

trusted_ips       = <comma-delimited list of IP addresses for our load balancer>
real_ip_header    = X-Forwarded-For
real_ip_recursive = on

Hope that helps.
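
As an added illustration of the answer above (not part of the original posts and not Kong's own code), this Python sketch models the right-to-left resolution performed by nginx's realip module, which is what trusted_ips, real_ip_header and real_ip_recursive configure, applied to the request flow from the question. All addresses are constructed documentation-range values, and resolve_client_ip is a hypothetical helper.

```python
import ipaddress

# Constructed sample addresses (assumptions, not from the thread).
LB = "198.51.100.5"        # load balancer in front of Kong
PROXY = "203.0.113.10"     # corporate proxy egress address
USER_A, USER_B = "10.1.2.3", "10.1.2.4"   # browsers behind the proxy


def resolve_client_ip(remote_addr, xff, trusted_ips, recursive=True):
    """Model of realip-style resolution: which address becomes the client IP."""
    nets = [ipaddress.ip_network(n, strict=False) for n in trusted_ips]

    def trusted(addr):
        ip = ipaddress.ip_address(addr)
        return any(ip in net for net in nets)

    # The header is honoured only when the direct TCP peer is trusted.
    if not xff or not trusted(remote_addr):
        return remote_addr
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    client = remote_addr
    for hop in reversed(hops):          # rightmost entry was added last
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            return client               # unparseable entry: stop here
        client = hop
        if not recursive or not trusted(hop):
            return client               # first untrusted hop wins
    return client                       # every hop trusted: leftmost entry


def xff_seen_by_kong(user_ip):
    # Proxy adds the user's address, the load balancer appends its peer.
    return f"{user_ip}, {PROXY}"


if __name__ == "__main__":
    for user in (USER_A, USER_B):
        print(user, "->", resolve_client_ip(LB, xff_seen_by_kong(user), [LB]))
    # Trusting the proxy as well exposes the address the proxy reports.
    print(resolve_client_ip(LB, xff_seen_by_kong(USER_A), [LB, PROXY]))
    # A leftmost entry supplied by an untrusted client is not used.
    print(resolve_client_ip(LB, "192.0.2.200, 192.0.2.77", [LB]))
```

With only the load balancer trusted, every user behind the corporate proxy resolves to the proxy's egress address and so shares one rate-limit counter; adding the proxy to trusted_ips makes the limit depend on whatever address the proxy reports.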
