[Tutorial] How to Prioritize Traffic with Rate Limits by HTTP Method

Most applications require external users or clients to access a variety of their services and therefore require policies to secure and protect them. Rate limiting is a strategy implemented in API or edge gateways to protect backend services, preventing outages caused by a service being overrun with more requests than its resources can process and respond to within the agreed service levels.

Rate limits can be configured in a variety of ways to limit the volume of requests to the endpoint over a time period: by client ID, by HTTP method, with integrated security, and more. This article digs into a use case that configures multiple rate limits for the same client ID (remote address). In our previous post, we detailed setting up multiple rate limits by client ID, and in this post we cover setting up rate limits by HTTP method.

 

When to use this use case

Rate limiting by HTTP method helps build resilient systems by assigning different priorities or classes to the traffic arriving at the same service. This strategy is strongly related to the concept of load shedding.

The diagram below explains the scenario with an exposed API that supports both GET and POST methods for listing data and creating resources, respectively. Both are important, but the POST action is more important to your business, and that function needs to stay available in preference to the GET function. Multiple rate limits are configured to enable this scenario.

 

 

Try this use case

Follow along using this tutorial to try configuring this type of rate limiting policy.

Set up your environment using these instructions. Any self-hosted or cloud managed Kubernetes (our demo uses GKE) with Gloo API Gateway (latest 1.4) installed will work. Then deploy the demo app, add a virtual service to expose via Gloo, and query the service.

Then you’ll use these instructions to set up and test the global and nested rate limit configuration with 10 requests per minute for POST and 2 requests per minute for GET.

spec:
  ratelimit:
    descriptors:
    # allow 10 calls per minute for any unique host
    - key: remote_address
      rateLimit:
        requestsPerUnit: 10
        unit: MINUTE
    # specifically limit GET requests from unique hosts to 2 per min
    - key: method
      value: GET
      descriptors:
      - key: remote_address
        rateLimit:
          requestsPerUnit: 2
          unit: MINUTE
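To see how the two descriptors above interact, the following added example (not part of the original tutorial or of Gloo) models them with fixed one-minute windows. It assumes each request produces two descriptor tuples, `(remote_address)` and `(method, remote_address)`, and that every matched counter is incremented even when the request is denied; `Limiter`, `find_limit`, `replay` and the sample traffic are constructed for illustration.

```python
from collections import defaultdict

WINDOW = 60  # seconds; matches "unit: MINUTE"

# The page's descriptor tree. A value of None means "any value", with a
# separate counter per distinct value (here: per remote address).
TREE = {
    ("remote_address", None): {"limit": 10, "children": {}},
    ("method", "GET"): {"limit": None, "children": {
        ("remote_address", None): {"limit": 2, "children": {}}}},
}

def find_limit(tree, entries):
    """Walk the tree along one descriptor tuple; None means 'no rule'."""
    node = None
    for key, value in entries:
        node = tree.get((key, value)) or tree.get((key, None))
        if node is None:
            return None
        tree = node["children"]
    return node["limit"] if node else None

class Limiter:
    def __init__(self):
        self.hits = defaultdict(int)  # (descriptor tuple, window) -> count

    def allow(self, method, addr, now):
        # Assumption: the route emits these two tuples for every request.
        tuples = [(("remote_address", addr),),
                  (("method", method), ("remote_address", addr))]
        window, ok = int(now // WINDOW), True
        for d in tuples:
            limit = find_limit(TREE, d)
            if limit is None:
                continue  # e.g. method=POST has no nested rule
            # Assumption: every matched counter is incremented, even on denial.
            self.hits[(d, window)] += 1
            ok = ok and self.hits[(d, window)] <= limit
        return ok  # False corresponds to the gateway answering 429

def replay(requests):
    """requests: (second, method, addr) triples -> list of allow decisions."""
    rl = Limiter()
    return [rl.allow(m, a, t) for t, m, a in requests]

# Constructed traffic: one client sends 4 GETs, then 9 POSTs, in one minute.
SAMPLE = ([(i, "GET", "203.0.113.7") for i in range(4)] +
          [(10 + i, "POST", "203.0.113.7") for i in range(9)])

if __name__ == "__main__":
    for (t, m, a), ok in zip(SAMPLE, replay(SAMPLE)):
        print(f"t={t:>2}s {m:<4} {a} -> {'200' if ok else '429'}")
```

In this model the two rejected GETs still count toward the shared 10-per-minute budget for the address, so only six of the nine POSTs pass; a different remote address is unaffected.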

Learn More

We hope you found this tutorial informative and useful in your exploration of API Gateway functionality. You can watch the full webinar featuring this demo here and sign up for an upcoming webinar here.