resty.limit.count - Lua module for limiting request counts for OpenResty/ngx_lua.
- Name
- Synopsis
- Description
- Methods
- Limiting Granularity
- Installation
- Bugs and Patches
- Authors
- Copyright and License
- See Also
http {
lua_shared_dict my_limit_count_store 100m;
init_by_lua_block {
require "resty.core"
}
server {
location / {
access_by_lua_block {
local limit_count = require "resty.limit.count"
-- rate: 5000 requests per 3600s
local lim, err = limit_count.new("my_limit_count_store", 5000, 3600)
if not lim then
ngx.log(ngx.ERR, "failed to instantiate a resty.limit.count object: ", err)
return ngx.exit(500)
end
-- use the Authorization header as the limiting key
local key = ngx.req.get_headers()["Authorization"] or "public"
local delay, err = lim:incoming(key, true)
if not delay then
if err == "rejected" then
ngx.header["X-RateLimit-Limit"] = "5000"
ngx.header["X-RateLimit-Remaining"] = 0
return ngx.exit(503)
end
ngx.log(ngx.ERR, "failed to limit count: ", err)
return ngx.exit(500)
end
-- the 2nd return value holds the current remaining number
-- of requests for the specified key.
local remaining = err
ngx.header["X-RateLimit-Limit"] = "5000"
ngx.header["X-RateLimit-Remaining"] = remaining
}
}
}
}This module provides APIs to help the OpenResty/ngx_lua user programmers limit request rate by a fixed number of requests in given time window.
It is included by default in OpenResty 1.13.6.1+.
This Lua module's implementation is similar to GitHub API Rate Limiting But this Lua module is flexible in that it can be configured with different rates and window sizes.
This module depends on lua-resty-core, you should enable it like so:
init_by_lua_block {
require "resty.core"
}syntax: obj, err = class.new(shdict_name, count, time_window)
Instantiates an object of this class. The class value is returned by the call require "resty.limit.count".
This method takes the following arguments:
-
shdict_nameis the name of the lua_shared_dict shm zone.It is best practice to use separate shm zones for different kinds of limiters.
-
countis the specified number of requests threshold. -
time_windowis the time window in seconds before the request count is reset.
syntax: delay, err = obj:incoming(key, commit)
Fires a new request incoming event and calculates the delay needed (if any) for the current request upon the specified key or whether the user should reject it immediately.
This method accepts the following arguments:
-
keyis the user specified key to limit the rate.For example, one can use the host name (or server zone) as the key so that we limit rate per host name. Otherwise, we can also use the authorization header value as the key so that we can set a rate for individual user.
Please note that this module does not prefix nor suffix the user key so it is the user's responsibility to ensure the key is unique in the
lua_shared_dictshm zone). -
commitis a boolean value. If set totrue, the object will actually record the event in the shm zone backing the current object; otherwise it would just be a "dry run" (which is the default).
The return values depend on the following cases:
-
If the request does not exceed the
countvalue specified in the new method, then this method returns0as the delay and the remaining count of allowed requests at the current time (as the 2nd return value). -
If the request exceeds the
countlimit specified in the new method then this method returnsniland the error string"rejected". -
If an error occurred (like failures when accessing the
lua_shared_dictshm zone backing the current object), then this method returnsniland a string describing the error.
syntax: remaining, err = obj:uncommit(key)
Undo the commit of the count of incoming call. This method is mainly for excluding specified requests from counting against limit like conditional requests.
The limiting works on the granularity of an individual NGINX server instance (including all its worker processes). Thanks to the shm mechanism; we can share state cheaply across all the workers in a single NGINX server instance.
Please see library installation instructions.
Please report bugs or submit patches by
- creating a ticket on the GitHub Issue Tracker,
- Ke Zhu [email protected]
- Ming Wen [email protected]
This module is licensed under the BSD license.
Copyright (C) 2016-2017, by Yichun "agentzh" Zhang, OpenResty Inc.
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
-
Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
-
Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- module resty.limit.conn
- module resty.limit.traffic
- library lua-resty-limit-traffic
- the ngx_lua module: https://github.com/openresty/lua-nginx-module
- OpenResty: https://openresty.org/