You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: content/nic/configuration/policy-resource.md
+28-1Lines changed: 28 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -175,8 +175,14 @@ condition:
175
175
|Field | Description | Type | Required |
176
176
| ---| ---| ---| --- |
177
177
|``jwt`` | defines a JWT condition to rate limit against. | [ratelimit.condition.jwt](#ratelimitconditionjwt) | No |
178
-
|``default`` | sets the rate limit in this policy to be the default if no conditions are met. In a group of policies with the same JWT condition, only one policy can be the default. | ``bool`` | No |
178
+
|``variables`` | defines a Variable condition to rate limit against. | [ratelimit.condition.variables](#ratelimitconditionvariables) | No |
179
+
|``default`` | sets the rate limit in this policy to be the default if no conditions are met. In a group of policies with the same condition, only one policy can be the default. | ``bool`` | No |
179
180
{{% /table %}}
181
+
{{< note >}}
182
+
183
+
One condition of type `jwt` or `variables` is required. Only ony condition per Policy is supported.
184
+
185
+
{{< /note >}}
180
186
181
187
The rate limit policy with condition is designed to be used in combination with one or more rate limit policies. For example, multiple rate limit policies with [RateLimit.Condition.JWT](#ratelimitconditionjwt) can be used to apply different tiers of rate limit based on the value of a JWT claim. For a practical example of tiered rate limiting by the value of a JWT claim, see the example in our [GitHub repository](https://github.com/nginx/kubernetes-ingress/tree/v{{< nic-version >}}/examples/custom-resources/rate-limit-tiered-jwt-claim/README.md).
182
188
@@ -213,6 +219,27 @@ The rate limit policy will only apply to requests that contain a JWT with the sp
213
219
|``match`` | the value of the claim to match against. | ``string`` | Yes |
214
220
{{% /table %}}
215
221
222
+
### RateLimit.Condition.Variables
223
+
224
+
RateLimit.Condition.Variables defines a condition for a rate limit by NGINX variable. For example, here we define a condition for a rate limit policy that only applies to requests with the request method with a value `GET`:
225
+
226
+
```yaml
227
+
variables:
228
+
- name: $request_method
229
+
match: GET
230
+
```
231
+
232
+
{{< note >}}
233
+
Only one variable at a time is supported at present.
234
+
{{< /note >}}
235
+
236
+
{{% table %}}
237
+
|Field | Description | Type | Required |
238
+
| ---| ---| ---| --- |
239
+
|``name`` | the name of the NGINX variable to be rate limit by. | ``string`` | Yes |
240
+
|``match`` | the value of the NGINX variable to match against. Values prefixed with the `~` character denote the following is a [regular expression](https://nginx.org/en/docs/http/ngx_http_map_module.html#map). | ``string`` | Yes |
241
+
{{% /table %}}
242
+
216
243
### APIKey
217
244
218
245
The API Key auth policy configures NGINX to authorize client requests based on the presence of a valid API Key in a header or query param specified in the policy.
0 commit comments