-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rate Limit Layer not Respected #2634
Comments
I've tested this snippet with #2586 and it doesn't seem to fix the issue, the request rate is not limited |
I can confirm as well. |
Isn't this a problem only because the layer/service gets cloned, which seems to give it its own state for concurrency tracking? Which I do consider not intuitive and certainly also not how i would implement it. So at the very least, if my theory is correct, wouldn't it be welcome @jplatte for someone to add a big fat warning to that middleware that cloning won't work as they expect it to do and thus that use cases such as axum either need to not clone or provide its own cloning-friendly middleware? |
@GlenDC yes on the theory. Not sure how reasonable it is from tower's perspective, so what the answer to your second question is. They certainly could have a layer that has one shared limit when cloned. |
I think what #2568 + Generally you want to limit the rate of requests per some origin (e.g. peer IP for HTTP), not globally for a certain service (together with clones or separately). But an actual implementation of that with good performance could quickly get too complex for inclusion in simple helper crates like tower(-http), so I'm not sure it makes sense to even open an issue for that. |
Personally I anyway prefer that kind of <=L4 rate limiting on ingress infra level. And yes I do agree that for most server cases you indeed want that at the application layer with more info. That's why my suggestion that perhaps it might be better for something that Axum provides. The biggest point I tried to bring home here, and I think I mentioned it on Discord before as a reply to someone, is that I do think that there should be probably a big warning added to the docs of that layer, as I think it's confusing to many and certainly not what you would expect when you clone. For a future major release of tower it might then even be considered to entirely remove this from tower but that's an entirely different discussion. |
Yeah, agree there should be a change on those docs. Maybe not even so much about cloning (how would people know when something like axum clones the layer internally?) but more about scope of that layer (it's clearly not the sort of rate limiting people need for http backends usually). |
Well I would mention this while also mentioning use cases such as Axum. That said, I wonder what actual use cases for that middleware do exist? Is there anyone even using that specific middleware in production for something where it works and they like it? Asking it not with any mall intent but more so that hopefully I can see the code using it and learn a thing or two from it. |
Not sure it's worth diving down this rabbit hole yet, but I did some digging into |
Hi all! So what are the best ways for using the rate limit now? |
@dayvejones I use tower governer. https://github.com/benwis/tower-governor |
Bug Report
Version
v0.7.4
Platform
Linux pop-os 6.6.10-76060610-generic
Description
Quick note: I created an issue in tower as well as this involves both tower and axum. I can close whichever of the two makes the most sense.
I am running into an issue with using the
RateLimitLayer
fromtower
withaxum
. I noticed that I can keep sending requests and the rate isn't actually limited. Below is a complete example.I expected the request rate to be limited to 1 per 5 seconds. But the below script executes without any rate limiting.
The text was updated successfully, but these errors were encountered: