syntax = "proto3"; package envoy.api.v2.ratelimit; option java_outer_classname = "RatelimitProto"; option java_multiple_files = true; option java_package = "io.envoyproxy.envoy.api.v2.ratelimit"; option go_package = "ratelimit"; import "validate/validate.proto"; // [#protodoc-title: Common rate limit components] // A RateLimitDescriptor is a list of hierarchical entries that are used by the service to // determine the final rate limit key and overall allowed limit. Here are some examples of how // they might be used for the domain "envoy". // // .. code-block:: cpp // // ["authenticated": "false"], ["remote_address": "10.0.0.1"] // // What it does: Limits all unauthenticated traffic for the IP address 10.0.0.1. The // configuration supplies a default limit for the *remote_address* key. If there is a desire to // raise the limit for 10.0.0.1 or block it entirely it can be specified directly in the // configuration. // // .. code-block:: cpp // // ["authenticated": "false"], ["path": "/foo/bar"] // // What it does: Limits all unauthenticated traffic globally for a specific path (or prefix if // configured that way in the service). // // .. code-block:: cpp // // ["authenticated": "false"], ["path": "/foo/bar"], ["remote_address": "10.0.0.1"] // // What it does: Limits unauthenticated traffic to a specific path for a specific IP address. // Like (1) we can raise/block specific IP addresses if we want with an override configuration. // // .. code-block:: cpp // // ["authenticated": "true"], ["client_id": "foo"] // // What it does: Limits all traffic for an authenticated client "foo" // // .. code-block:: cpp // // ["authenticated": "true"], ["client_id": "foo"], ["path": "/foo/bar"] // // What it does: Limits traffic to a specific path for an authenticated client "foo" // // The idea behind the API is that (1)/(2)/(3) and (4)/(5) can be sent in 1 request if desired. // This enables building complex application scenarios with a generic backend. message RateLimitDescriptor { message Entry { // Descriptor key. string key = 1 [(validate.rules).string.min_bytes = 1]; // Descriptor value. string value = 2 [(validate.rules).string.min_bytes = 1]; } // Descriptor entries. repeated Entry entries = 1 [(validate.rules).repeated .min_items = 1]; }