Kong Enterprise provides you the ability to rate limit the traffic for various objects using the Rate Limiting Advanced Plugin. In the example below, we will rate limit a service fronted by Kong Enterprise.
We will use our existing Kong Enterprise on RHEL 7 environment. The installation process for this environment is documented here.
First lets make sure we have an existing service we can use. If your environment needs to have a service created, you can also check out our blog on how to do so here.
We will also be using the RBAC controls and the user we set up in our blog post. If you have not yet setup RBAC you can learn how to do so here.
1) Create a service that we can use for this example
Log in to the Kong portal at https://<kong_FQDN_or_IP>:8445 and navigate to your chosen Workspace -> Services -> New Service
Fill in the fields for Service Name, Host, Path, Port and other fields as necessary
You can also run the step of creating a Service via the command line in the format below:
curl -i -X POST --url http://<kong_FQDN_or_IP>:8001/services --data 'name=DemoService' --data 'url=myurl.com'
Check to make sure the Service was created successfully by navigating through the console
Or running the following command line:
curl -i -X GET --url "http://<kong_FQDN_or_IP>:8001/services" --header "Kong-Admin-Token: rbac_user_token_1"
2) Next we will add a route for this service
curl -i -X POST --url "http://<kong_FQDN_or_IP>:8001/services/DemoService/routes" --data "hosts=mydemoexample.com" --header "Kong-Admin-Token: rbac_user_token_1"
3) Use the rate limiting plugin with our defined service
curl -i -X POST --url "http://<kong_FQDN_or_IP>:8001/services/DemoService/plugins" --data "name=rate-limiting-advanced" --data "config.sync_rate=0" --data "config.window_size=60" --data "config.limit=2" --header "Kong-Admin-Token: rbac_user_token_1"
This configuration means that the DemoService service should not be allowed to process more than 2 requests per 60 seconds period.
4) Now we will test running more than 2 requests against the DemoService service.
After running the request below more than twice
curl -i -X GET --url "http://<kong_FQDN_or_IP>:8000/" --header "Host: mydemoexample.com" --header "Kong-Admin-Token: rbac_user_token_1"
We get the following message:
HTTP/1.1 429 Too Many Requests
By controlling the volume of requests to a specific service, and by adding RBAC controls in front of it, you can secure a quasi-firewall for east-west traffic against internal networking vulnerabilities.
If you have any questions or comments on the tutorial content above, or run in to specific errors not covered here, please feel free to reach out to firstname.lastname@example.org
Anuj is the CTO at Keyva, a services and software IP company based out of Minneapolis. In this role, he specializes in developing and delivering vendor-agnostic solutions that avoid the “rip-and-replace” of existing IT investments. Tuli helps customers chart a prescriptive strategy for Application Containerization, CI/CD Pipeline Implementations, API abstraction, Application Modernization, and Cloud Automation integrations. Prior to Keyva, he was the Director of Automation Solutions at Tech Data and led the development and management of Cloud Automation IP and related professional services. With an application developer background, he provides a hands-on perspective towards various technologies.
Like what you read? Follow Anuj on LinkedIn at: https://www.linkedin.com/in/anujtuli/Join the Keyva Community! Follow Keyva on LinkedIn at: