feat: add source IP rate limiter middleware
What does this MR do?
Adds the middleware func to the rate limit package for source IPs. It gets the source IP from r.RemoteAddr or from the X-Forwarded-For header for proxied requests (when --listen-proxy is enabled).
The first iteration will only report logs and metrics when an IP is being rate limited.
The rate limiter uses a Token Bucket approach using golang.org/x/time/rate, which can be configured with the newly added flags rate-limit-source-ip and rate-limit-source-ip-burst.
To enable the rate limiter, set rate-limit-source-ip to a value > 1, which is the number of requests per second to allow. It is enabled by default in "dry-run" mode so requests won't be dropped until the environment variable FF_ENABLE_RATE_LIMITER is set to "true".
See metrics.go for the newly added metrics.
Demo with rate limit of 0.5 (1 req every 2s): https://www.youtube.com/watch?v=9hojKBu3-Kk
When an IP is rate limited, the following page is served.
TODO
- I added the Changelog trailer (e.g. Changelog: feature) to the commits that need to be included in the changelog
- I added unit tests or they are not required
- I added acceptance tests or they are not required
- I added documentation (or it's not required)
- I followed code review guidelines
- I followed Go Style guidelines
Related to #627 (closed)
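
A sketch of the behaviour described above, added here as an example and not the MR's code: a per-IP token bucket where X-Forwarded-For is trusted only in proxy mode and over-limit requests are only reported unless enforcement is on. It uses a standard-library bucket as a stand-in for golang.org/x/time/rate; the `Limiter` type, its fields, the sample addresses, and taking the first X-Forwarded-For entry are assumptions.

```go
package main

import (
	"fmt"
	"net"
	"strings"
	"sync"
	"time"
)

type bucket struct {
	tokens float64
	last   time.Time
}

type Limiter struct {
	mu             sync.Mutex
	PerSec, Burst  float64
	Enforce, Proxy bool              // Enforce=false is dry-run; Proxy=true trusts X-Forwarded-For
	buckets        map[string]bucket // per-IP state; idle IPs are never evicted here
}

// Check spends a token for the source IP; blocked needs over-limit AND Enforce.
func (l *Limiter) Check(remoteAddr, xff string, now time.Time) (ip string, limited, blocked bool) {
	ip, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		ip = remoteAddr
	}
	// The header is client-controlled: use it only in proxy mode (assumption: first entry is the client).
	if l.Proxy && xff != "" {
		ip = strings.TrimSpace(strings.Split(xff, ",")[0])
	}
	l.mu.Lock()
	defer l.mu.Unlock()
	b, seen := l.buckets[ip]
	if b.tokens += now.Sub(b.last).Seconds() * l.PerSec; !seen || b.tokens > l.Burst {
		b.tokens = l.Burst // refill is capped at Burst; a new IP starts with a full bucket
	}
	b.last = now
	if limited = b.tokens < 1; !limited {
		b.tokens--
	}
	l.buckets[ip] = b
	return ip, limited, limited && l.Enforce
}

func main() {
	l := &Limiter{PerSec: 0.5, Burst: 1, buckets: map[string]bucket{}}
	fmt.Println(l.Check("203.0.113.7:4000", "", time.Now())) // constructed address
}
```

In an HTTP middleware the call would be `Check(r.RemoteAddr, r.Header.Get("X-Forwarded-For"), time.Now())`, with the handler logging and counting when `limited` is true and refusing the request only when `blocked` is true.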