The rate limit HTTP middleware allows restricting the maximum number of allowed HTTP requests per second. Rate limiting can protect your application from Denial of Service (DoS) attacks. DoS attacks can be initiated by malicious 3rd parties but also by bugs in your software (a.k.a. a “friendly fire” DoS attack).
In the following definition, the maximum requests per second are set to 10:
apiVersion: dapr.io/v1alpha1 kind: Component metadata: name: ratelimit spec: type: middleware.http.ratelimit version: v1 metadata: - name: maxRequestsPerSecond value: 10
Spec metadata fields
||The maximum requests per second by remote IP.
The component looks at the
Once the limit is reached, the requests will fail with HTTP Status code 429: Too Many Requests.
ImportantThe rate limit is enforced independently in each Dapr sidecar, and not cluster-wide.
Alternatively, the max concurrency setting can be used to rate-limit applications and applies to all traffic, regardless of remote IP, protocol, or path.
apiVersion: dapr.io/v1alpha1 kind: Configuration metadata: name: appconfig spec: httpPipeline: handlers: - name: ratelimit type: middleware.http.ratelimit
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.