Skip to content

如何实现基于Sentinel LimitApp扩展的防护

Jump to bottom
HaojunRen edited this page May 31, 2024 · 2 revisions

该功能对于上面5种规则都有效,这里以授权规则展开阐述

授权规则中,limitApp,如果有多个,可以通过“,”分隔。"strategy": 0 表示白名单,"strategy": 1 表示黑名单

支持如下开关开启该动能,默认是关闭的

# 启动和关闭Sentinel LimitApp限流等功能。缺失则默认为false
spring.application.strategy.sentinel.limit.app.enabled=true

基于服务名的防护

修改配置项Sentinel Request Origin Key为服务名Header,修改授权规则中limitApp为对应的服务名,可实现基于服务名的防护

配置项,该配置项默认为n-d-service-id,可以不配置

spring.application.strategy.sentinel.request.origin.key=n-d-service-id

增加服务discovery-guide-service-b的规则,Group为discovery-guide-group,Data Id为discovery-guide-service-b-sentinel-authority,规则内容如下,表示所有discovery-guide-service-a服务允许访问discovery-guide-service-b服务

[
    {
        "resource": "sentinel-resource",
        "limitApp": "discovery-guide-service-a",
        "strategy": 0
    }
]

基于组的防护

修改配置项Sentinel Request Origin Key为组Header,修改授权规则中limitApp为对应的组名,可实现基于组的防护

配置项

spring.application.strategy.sentinel.request.origin.key=n-d-service-group

增加服务discovery-guide-service-b的规则,Group为discovery-guide-group,Data Id为discovery-guide-service-b-sentinel-authority,规则内容如下,表示隶属my-group组的所有服务都允许访问服务discovery-guide-service-b

[
    {
        "resource": "sentinel-resource",
        "limitApp": "my-group",
        "strategy": 0
    }
]

基于版本的防护

修改配置项Sentinel Request Origin Key为版本Header,修改授权规则中limitApp为对应的版本,可实现基于版本的防护机制

配置项

spring.application.strategy.sentinel.request.origin.key=n-d-service-version

增加服务discovery-guide-service-b的规则,Group为discovery-guide-group,Data Id为discovery-guide-service-b-sentinel-authority,规则内容如下,表示版本为1.0的所有服务都允许访问服务discovery-guide-service-b

[
    {
        "resource": "sentinel-resource",
        "limitApp": "1.0",
        "strategy": 0
    }
]

基于区域的防护

修改配置项Sentinel Request Origin Key为区域Header,修改授权规则中limitApp为对应的区域,可实现基于区域的防护

配置项

spring.application.strategy.sentinel.request.origin.key=n-d-service-region

增加服务discovery-guide-service-b的规则,Group为discovery-guide-group,Data Id为discovery-guide-service-b-sentinel-authority,规则内容如下,表示区域为dev的所有服务都允许访问服务discovery-guide-service-b

[
    {
        "resource": "sentinel-resource",
        "limitApp": "dev",
        "strategy": 0
    }
]

基于环境的防护

修改配置项Sentinel Request Origin Key为环境Header,修改授权规则中limitApp为对应的环境,可实现基于环境的防护

配置项

spring.application.strategy.sentinel.request.origin.key=n-d-service-env

增加服务discovery-guide-service-b的规则,Group为discovery-guide-group,Data Id为discovery-guide-service-b-sentinel-authority,规则内容如下,表示环境为env1的所有服务都允许访问服务discovery-guide-service-b

[
    {
        "resource": "sentinel-resource",
        "limitApp": "env1",
        "strategy": 0
    }
]

基于可用区的防护

修改配置项Sentinel Request Origin Key为可用区Header,修改授权规则中limitApp为对应的可用区,可实现基于可用区的防护

配置项

spring.application.strategy.sentinel.request.origin.key=n-d-service-zone

增加服务discovery-guide-service-b的规则,Group为discovery-guide-group,Data Id为discovery-guide-service-b-sentinel-authority,规则内容如下,表示可用区为zone1的所有服务都允许访问服务discovery-guide-service-b

[
    {
        "resource": "sentinel-resource",
        "limitApp": "zone1",
        "strategy": 0
    }
]

基于IP地址和端口的防护

修改配置项Sentinel Request Origin Key为IP地址和端口Header,修改授权规则中limitApp为对应的区域值,可实现基于IP地址和端口的防护

配置项

spring.application.strategy.sentinel.request.origin.key=n-d-service-address

增加服务discovery-guide-service-b的规则,Group为discovery-guide-group,Data Id为discovery-guide-service-b-sentinel-authority,规则内容如下,表示地址和端口为192.168.0.88:8081和192.168.0.88:8082的服务都允许访问服务discovery-guide-service-b

[
    {
        "resource": "sentinel-resource",
        "limitApp": "192.168.0.88:8081,192.168.0.88:8082",
        "strategy": 0
    }
]




2017-2050 ©Nepxion Studio Apache License

           

Total visits

讲义篇

集成篇

概念篇

实践篇

功能篇

配置篇

扩展篇

测试篇

升级篇

贡献篇

Clone this wiki locally