Rate Limiting but Not for All Requests

Hello, I am wondering if the EE Advanced Rate Limiting plugin supports an option to whitelist some IP addresses. It could be extra embarrassing if somebody in my office gets rate-limited accidentally. It’s possible, especially when learning to use Kong.

Neither rate-limiting nor rate-limiting-advanced supports whitelisting per se - but setting a very high limit for your office IP address will have nearly the same effect.

Note that rate limiting is also useful to prevent inadvertent over-use of your upstream services - and your colleagues could make a mistake and consume so much of a Kong-proxied service that it causes an outage for all users.

Thus, I recommend setting the rate limit for your office IP to something that your backend can handle without notable degradation.

So I can target a specific IP address? Would that entail changing config.identifier from ip to the IP of my office? Basically 2 plugins for each route, one with config.identifier=ip and a second for config.identifier=123.123.123.123 for example?

Oh gosh, I realize now I gave incorrect advice - I’m sorry for causing confusion.

No, you cannot rate limit by specific IP address.

You can rate limit by Consumer, so if your office colleagues were authenticating to Kong, they could get a higher rate limit than your outside-of-office users. This could work regardless of whether or not your external consumers are authenticating - if they are authenticating, you’d assign their Consumers lower rate limits. If they aren’t authenticating, see https://docs.konghq.com/0.14.x/auth/#anonymous-access for advice.

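The Consumer-based setup described in the last reply, as an added example that is not part of the original thread or of Kong's documentation: a declarative `kong.yml` sketch using the open-source `rate-limiting` and `key-auth` plugins. It assumes a Kong 3.x release with declarative configuration (the 0.14.x docs linked above predate that format); the consumer names, UUID, key placeholder, upstream URL and all limits are constructed.

```yaml
_format_version: "3.0"

consumers:
  # Office staff authenticate with an API key and share one generous budget.
  - username: office-staff                  # constructed name
    keyauth_credentials:
      - key: REPLACE_WITH_OFFICE_API_KEY    # placeholder, never commit a real key
    plugins:
      - name: rate-limiting
        config:
          minute: 600          # still sized to what the upstream can absorb
          policy: local
          limit_by: consumer   # one counter for the whole office Consumer

  # Everyone who sends no key is mapped to this Consumer by key-auth.
  - username: anonymous-users               # constructed name
    id: 11111111-2222-4333-8444-555555555555   # constructed UUID
    plugins:
      - name: rate-limiting
        config:
          minute: 60
          policy: local
          # With limit_by: consumer every anonymous caller would share a
          # single counter, so one noisy client could exhaust it for all.
          limit_by: ip

services:
  - name: example-service
    url: http://upstream.internal.example:8080   # constructed upstream
    routes:
      - name: example-route
        paths:
          - /api
    plugins:
      - name: key-auth
        config:
          key_names:
            - apikey
          # Requests without a valid key fall through to the anonymous
          # Consumer instead of being rejected with 401.
          anonymous: 11111111-2222-4333-8444-555555555555
```

With `policy: local` each Kong node keeps its own counters, so the effective limit scales with the number of nodes; a cluster needs a shared policy for an exact global limit.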