Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rate limit task not behaving well #8483

Closed
jwendell opened this issue Sep 4, 2018 · 7 comments
Closed

Rate limit task not behaving well #8483

jwendell opened this issue Sep 4, 2018 · 7 comments
Assignees
@mandarjog
Labels
area/extensions and telemetry

Comments

@jwendell
Copy link
Member

jwendell commented Sep 4, 2018

I'm running the Rate Limit task and I see that Istio is not honoring the limits for the logged in browser and for the anonymous one.

I wrote a simple shell script that uses curl to simulate two browsers, one NOT authenticated, and the other one authenticated + using a different source ip.

See:

19:37 $ ./bug.sh 
Trying http://192.168.99.100:31380/productpage -A anonymous -Ha=b... 200
Trying http://192.168.99.100:31380/productpage -A anonymous -Ha=b... 200
Trying http://192.168.99.100:31380/productpage -A anonymous -Ha=b... 429
Trying http://192.168.99.100:31380/productpage -A anonymous -Ha=b... 429
Trying http://192.168.99.100:31380/productpage -A anonymous -Ha=b... 429
Trying http://192.168.99.100:31380/productpage -A anonymous -Ha=b... 429
Trying http://192.168.99.100:31380/productpage -A anonymous -Ha=b... 429
Trying http://192.168.99.100:31380/productpage -A anonymous -Ha=b... 429
Trying http://192.168.99.100:31380/productpage -A anonymous -Ha=b... 429
Trying http://192.168.99.100:31380/productpage -A anonymous -Ha=b... 429
Total: 200 = 2	429 = 8

Trying http://192.168.99.100:31380/productpage -A _user_logged_in_different_ip -H "x-forwarded-for: 1.2.3.4" -H "Cookie: session=xuxa" -Ha=b  ... 429
Trying http://192.168.99.100:31380/productpage -A _user_logged_in_different_ip -H "x-forwarded-for: 1.2.3.4" -H "Cookie: session=xuxa" -Ha=b  ... 429
Trying http://192.168.99.100:31380/productpage -A _user_logged_in_different_ip -H "x-forwarded-for: 1.2.3.4" -H "Cookie: session=xuxa" -Ha=b  ... 429
Trying http://192.168.99.100:31380/productpage -A _user_logged_in_different_ip -H "x-forwarded-for: 1.2.3.4" -H "Cookie: session=xuxa" -Ha=b  ... 429
Trying http://192.168.99.100:31380/productpage -A _user_logged_in_different_ip -H "x-forwarded-for: 1.2.3.4" -H "Cookie: session=xuxa" -Ha=b  ... 429
Trying http://192.168.99.100:31380/productpage -A _user_logged_in_different_ip -H "x-forwarded-for: 1.2.3.4" -H "Cookie: session=xuxa" -Ha=b  ... 429
Trying http://192.168.99.100:31380/productpage -A _user_logged_in_different_ip -H "x-forwarded-for: 1.2.3.4" -H "Cookie: session=xuxa" -Ha=b  ... 429
Trying http://192.168.99.100:31380/productpage -A _user_logged_in_different_ip -H "x-forwarded-for: 1.2.3.4" -H "Cookie: session=xuxa" -Ha=b  ... 429
Trying http://192.168.99.100:31380/productpage -A _user_logged_in_different_ip -H "x-forwarded-for: 1.2.3.4" -H "Cookie: session=xuxa" -Ha=b  ... 429
Trying http://192.168.99.100:31380/productpage -A _user_logged_in_different_ip -H "x-forwarded-for: 1.2.3.4" -H "Cookie: session=xuxa" -Ha=b  ... 429
Total: 200 = 0	429 = 10

All my configuration is exactly what is described in the task page, except for the match entry for the rule object. I replaced user with session:

apiVersion: config.istio.io/v1alpha2
kind: rule
metadata:
  name: quota
  namespace: istio-system
spec:
  actions:
  - handler: handler.memquota
    instances:
    - requestcount.quota
  match: match(request.headers["cookie"], "session=*") == false

The curl commands with the session=... cookie should return 200, right?
@jwendell
Copy link
Member Author

jwendell commented Sep 5, 2018

@douglas-reid any hint here?

@douglas-reid
Copy link
Contributor

@jwendell I think the last person to look at the rate limit task was @mandarjog . IIRC, it was updated recently during the development of better e2e tests. @mandarjog any thoughts here?

@tvieira
Copy link
Member

tvieira commented Sep 28, 2018

Any progress here?

@madarou
Copy link

madarou commented Oct 11, 2018

met same issue.
Both match: match(request.headers["cookie"], "session=*") == false and match: match(request.headers["cookie"], "user=*") == false does not work for logged in user.
istio-1.0.1

@stale
Copy link

stale bot commented Jan 9, 2019

This issue has been automatically marked as stale because it has not had activity in the last 90 days. It will be closed in the next 30 days unless it is tagged "help wanted" or other activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Jan 9, 2019
@jwendell jwendell removed the stale label Jan 9, 2019
@stale
Copy link

stale bot commented Apr 9, 2019

This issue has been automatically marked as stale because it has not had activity in the last 90 days. It will be closed in the next 30 days unless it is tagged "help wanted" or other activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Apr 9, 2019
@stale
Copy link

stale bot commented May 9, 2019

This issue has been automatically closed because it has not had activity in the last month and a half. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted". Thank you for your contributions.

@stale stale bot closed this as completed May 9, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mandarjog mandarjog

Labels
area/extensions and telemetry
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@jwendell @tvieira @mandarjog @madarou @douglas-reid