Content differences:
--- /etc/envoy/listeners.d/00-tls_terminator_443.yaml.orig
+++ /etc/envoy/listeners.d/00-tls_terminator_443.yaml
@@ -41,7 +41,40 @@
retry_policy:
num_retries: 1
retry_on: "5xx"
+ typed_per_filter_config:
+ envoy.filters.http.ratelimit.resp:
+ "@type": type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimitPerRoute
+ rate_limits:
+ - hits_addend:
+ format: "%BYTES_SENT%"
+ apply_on_stream_done: true
+ # NOTE: If one of the headers referenced below is not set, the rate limit is not applied.
+ actions:
+ # Provide the user's identity (x-client-ip is set at the edge) as the counter key
+ - request_headers:
+ descriptor_key: user_id
+ header_name: x-client-ip
+ # Hardcode the policy and user class for now
+ - generic_key:
+ descriptor_key: policy
+ descriptor_value: thumbnails
+ - generic_key:
+ descriptor_key: user_class
+ descriptor_value: anon
http_filters:
+ - name: envoy.filters.http.ratelimit.resp
+ typed_config:
+ "@type": type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimit
+ domain: upload
+ request_type: both
+ stage: 0
+ failure_type_deny: false # return 200 if rate limit service is unavailable
+ enable_x_ratelimit_headers: DRAFT_VERSION_03
+ rate_limit_service:
+ transport_api_version: V3
+ grpc_service:
+ envoy_grpc:
+ cluster_name: cluster_ratelimit
- name: envoy.filters.http.router
typed_config:
"@type": type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
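Review bot: The new `request_headers` action keys the limit on `x-client-ip`, and as the hunk's own NOTE says, a request that arrives without that header is not rate limited at all, so the limit is only as strong as the guarantee that the edge always overwrites the header and that nothing else can reach this listener. I would state that dependency in the comment, e.g. `# x-client-ip must be overwritten (not appended) by the edge; requests without it bypass this limit`, and confirm that a client-supplied value is stripped before this hop. Separately, on the `envoy.filters.http.ratelimit.resp` filter, the fail-open setting is spelled `failure_type_deny`; the field I know in the v3 RateLimit filter is `failure_mode_deny`, so please check that this loads without an unknown-field error. Its comment is also misleading: when the rate limit service is unreachable, the request is passed on to the router rather than answered with a 200, so `# fail open: forward the request if the rate limit service is unavailable` would be more accurate. The enclosing route and filter chain start outside the hunk, so the nesting of the added keys could not be checked.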