- [中文](../zh-cn/plugins/limit-req.md) # Summary - [Introduction](#introduction) - [Attributes](#attributes) - [Example](#example) - [How to enable on the `route` or `serivce`](#how-to-enable-on-the-route-or-serivce) - [How to enable on the `consumer`](#how-to-enable-on-the-consumer) - [Disable Plugin](#disable-plugin) ## Introduction limit request rate using the "leaky bucket" method. ## Attributes | Name | Type | Requirement | Default | Valid | Description | | ------------- | ------- | ----------- | ------- | ------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | rate | integer | required | | [0,...] | the specified request rate (number per second) threshold. Requests exceeding this rate (and below `burst`) will get delayed to conform to the rate. | | burst | integer | required | | [0,...] | the number of excessive requests per second allowed to be delayed. Requests exceeding this hard limit will get rejected immediately. | | key | string | required | | ["remote_addr", "server_addr", "http_x_real_ip", "http_x_forwarded_for", "consumer_name"] | the user specified key to limit the rate, now accept those as key: "remote_addr"(client's IP), "server_addr"(server's IP), "X-Forwarded-For/X-Real-IP" in request header, "consumer_name"(consumer's username). | | rejected_code | integer | optional | 503 | [200,...] | The HTTP status code returned when the request exceeds the threshold is rejected. | **Key can be customized by the user, only need to modify a line of code of the plug-in to complete. It is a security consideration that is not open in the plugin.** ## Example ### How to enable on the `route` or `serivce` Take `route` as an example (the use of `service` is the same method), enable the `limit-req` plugin on the specified route. ```shell curl http://127.0.0.1:9080/apisix/admin/routes/1 -H 'X-API-KEY: edd1c9f034335f136f87ad84b625c8f1' -X PUT -d ' { "methods": ["GET"], "uri": "/index.html", "plugins": { "limit-req": { "rate": 1, "burst": 2, "rejected_code": 503, "key": "remote_addr" } }, "upstream": { "type": "roundrobin", "nodes": { "39.97.63.215:80": 1 } } }' ``` You can open dashboard with a browser: `http://127.0.0.1:9080/apisix/dashboard/`, to complete the above operation through the web interface, first add a route: ![add route](../images/plugin/limit-req-1.png) Then add limit-req plugin: ![add plugin](../images/plugin/limit-req-2.png) **Test Plugin** The above configuration limits the request rate to 1 per second. If it is greater than 1 and less than 3, the delay will be added. If the rate exceeds 3, it will be rejected: ```shell curl -i http://127.0.0.1:9080/index.html ``` When you exceed, you will receive a response header with a 503 return code: ```html HTTP/1.1 503 Service Temporarily Unavailable Content-Type: text/html Content-Length: 194 Connection: keep-alive Server: APISIX web server