Duplicate or Conflicting X-RateLimit Headers When Upstream is Another Kong Gateway Service with Rate Limit Plugin Set #14353
Comments
When a service's upstream is another service with rate-limiting enabled, enabling a rate-limiting plugin on the service results in duplicate headers. This PR fixes the issue by removing Kong's rate-limiting headers from the upstream response and applying only the headers from the plugin. Kong#14353
I opened a PR with what I believe is the simplest fix. It removes Kong's rate-limiting headers from the response and applies only the ones configured from the plugin.
@fekitibi, that's a good point that we should handle such a case better. However, I think this is not just as simple as removing duplicated headers only. We may need to consider more about how to handle cascaded rate-limited services: should we respect all rate limiting windows, or the one put closer to downstream, or the one with the minimal limit, etc. We should first decide the behavior of rate limiting, then how to pick (or merge) the rate limiting capacity in headers.
Hi @ProBrian! Here is the thought process behind this solution:
I am open to modifying the PR. What would be the fastest way to move forward? Do I have to post this topic somewhere else to discuss the best approach, or will we just use this thread? Here are some other ideas:
Looking forward to your thoughts!
Is there an existing issue for this?
Kong version ($ kong version)
3.9.0
Current Behavior
I have a gateway service which has a rate limiting plugin enabled. If I try to use that service as my upstream in a new service and I enable the rate limiting plugin on that service as well, I receive duplicate rate limiting headers. It seems like Kong appends the newly created rate limiting headers instead of overwriting them. This is confusing, as it makes it unclear which headers we would need to use.
Expected Behavior
Either rename the fields of the upstream's rate limit headers, or strip them completely and only add the rate limiting headers from the plugin of the new service. Otherwise we could also just overwrite the fields specified in the new plugin. Another approach could be to merge the headers and only showcase the shortest limits.
Either of these behaviours would be better than the current one.
Steps To Reproduce
Anything else?
If this issue gets accepted, then to speed up the process: I have been playing with the rate-limiting plugin code, and if it would help I could open a PR with a solution, either to clear the upstream's rate limit plugin headers before adding the new ones, or to just overwrite the newly set ones. If another solution would be preferred, I can look into it.
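The three behaviours discussed in this thread (append, strip and replace, expose only the tighter limit), modelled on a constructed response as an added example; this is not code from the issue, the PR or Kong. The header names and values are assumed sample data in the `X-RateLimit-*` / `RateLimit-*` style, and all function names are hypothetical.

```python
RL_PREFIXES = ("x-ratelimit-", "ratelimit-")  # assumption: Kong-style header names

def is_rl(name):
    return name.lower().startswith(RL_PREFIXES)

def append_policy(upstream, plugin):
    """Behaviour reported in the issue: plugin headers are appended."""
    return list(upstream) + list(plugin)

def strip_policy(upstream, plugin):
    """Approach described in the PR: drop upstream rate-limit headers, keep the plugin's."""
    return [(n, v) for n, v in upstream if not is_rl(n)] + list(plugin)

def restrictive_policy(upstream, plugin, key="ratelimit-remaining"):
    """Alternative from the thread: expose only the hop with the least remaining quota.
    A whole hop's header set is kept so limit/remaining/reset stay consistent."""
    def remaining(headers):
        vals = [int(v) for n, v in headers if n.lower() == key]
        return min(vals) if vals else None
    up_rl = [(n, v) for n, v in upstream if is_rl(n)]
    up_rem, pl_rem = remaining(up_rl), remaining(plugin)
    # Fall back to the plugin's headers when the upstream sent none.
    upstream_wins = up_rem is not None and (pl_rem is None or up_rem < pl_rem)
    winner = up_rl if upstream_wins else list(plugin)
    return [(n, v) for n, v in upstream if not is_rl(n)] + winner

def duplicated(headers):
    """Rate-limit header names that occur more than once (case-insensitive)."""
    seen, dups = set(), []
    for name, _ in headers:
        key = name.lower()
        if is_rl(key) and key in seen and key not in dups:
            dups.append(key)
        seen.add(key)
    return dups

# Constructed sample: inner service allows 5/min, outer service 100/min.
UPSTREAM = [("Content-Type", "application/json"),
            ("RateLimit-Limit", "5"), ("RateLimit-Remaining", "2"),
            ("RateLimit-Reset", "41"),
            ("X-RateLimit-Limit-Minute", "5"), ("X-RateLimit-Remaining-Minute", "2")]
PLUGIN = [("RateLimit-Limit", "100"), ("RateLimit-Remaining", "97"),
          ("RateLimit-Reset", "41"),
          ("X-RateLimit-Limit-Minute", "100"), ("X-RateLimit-Remaining-Minute", "97")]

if __name__ == "__main__":
    for policy in (append_policy, strip_policy, restrictive_policy):
        out = policy(UPSTREAM, PLUGIN)
        print(policy.__name__, "duplicates:", duplicated(out))
        print("  ", [(n, v) for n, v in out if is_rl(n)])
```

With the sample data, stripping advertises 97 remaining requests while the inner service has only 2 left, which is the trade-off raised in the maintainer's reply about cascaded limits.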