document security consideration, that client based ratelimits are bas…

…ed on client data chosen by the client (#1248) Signed-off-by: Sandor Szücs <sandor.szuecs@zalando.de>
zalando · Nov 24, 2019 · 09b14a6 · 09b14a6
1 parent 7b408f8
commit 09b14a6
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/docs/tutorials/ratelimit.md b/docs/tutorials/ratelimit.md
@@ -72,6 +72,14 @@ clientRatelimit(10, "1m", "X-Forwarded-For,Authorization,X-Foo")
 Internally skipper has a clean interval to clean up old buckets to reduce
 the memory footprint in the long run.
 
+#### Security Consideration
+
+ClientRatelimit works on data provided by the client. In theory an
+attacker likely can workaround all of your configurations. On the
+other hand there is always a pattern in attacks, and you are more
+likely being able to find the pattern and mitigate the attack, if you
+have a powerful tool like the provided `clientRatelimit`.
+
 ## Cluster Ratelimit
 
 A cluster ratelimit computes all requests for all skipper peers. This
@@ -176,3 +184,11 @@ clusterClientRatelimit("groupC", 5, "10s", "X-Forwarded-For,Authorization,X-Foo"
 
 Internally skipper has a clean interval to clean up old buckets to reduce
 the memory footprint in the long run.
+
+#### Security Consideration
+
+ClusterClientRatelimit works on data provided by the client. In theory an
+attacker likely can workaround all of your configurations. On the
+other hand there is always a pattern in attacks, and you are more
+likely being able to find the pattern and mitigate the attack, if you
+have a powerful tool like the provided `clusterClientRatelimit`.