Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Envoy skips calling rate limiting service when request header is not present #10124

Closed
ramaraochavali opened this issue Feb 21, 2020 · 3 comments · Fixed by #11153
Closed

Envoy skips calling rate limiting service when request header is not present #10124

ramaraochavali opened this issue Feb 21, 2020 · 3 comments · Fixed by #11153
Labels
area/ratelimit bug help wanted Needs help!

Comments

@ramaraochavali
Copy link
Contributor

ramaraochavali commented Feb 21, 2020
edited
Loading

We have configured the rate limiting service with three request headers actions like

        "rate_limits": [
         {
          "stage": 0,
          "actions": [
           {
            "source_cluster": {}
           },
           {
            "destination_cluster": {}
           },
           {
            "request_headers": {
             "header_name": ":authority",
             "descriptor_key": "authority"
            }
           },
           {
            "request_headers": {
             "header_name": ":path",
             "descriptor_key": "path"
            }
           },
           {
            "request_headers": {
             "header_name": "custom-header",
             "descriptor_key": "custom"
            }
           },
          ]
         }
        ]
       }
      ]

If in a request the custom-header does not have a value, Envoy skips calling the rate limiting service.

Debugging it further, found that if any of the populateDescriptor call here returns false it skips adding the descriptor

envoy/source/common/router/router_ratelimit.cc

Line 121 in 5be15b3

RateLimit::Descriptor descriptor;

and

populateDescriptor implementation of RequestHeadersAction returns false if there is no value

envoy/source/common/router/router_ratelimit.cc

Line 41 in 5be15b3

if (!header_value) {

Since the descriptor list is empty, rate limit service is not called.

Is this expected behaviour? Should we not call rate limiting service with two headers as descriptor entries which have values rather than completely skipping it?

Should we simply add a descriptor if it has atleast one entry?
@mattklein123
Copy link
Member

Agreed this feels like a bug to me.

@ramaraochavali
Copy link
Contributor Author

@mattklein123 Can you please add "rohan07" to the org and assign this issue? He will fix it.

@karbon0x karbon0x mentioned this issue Feb 29, 2020
Closed
@repokitteh-read-only
Copy link

rohan7 cannot be assigned to this issue.

🐱

Caused by: a #10124 (comment) was created by @ramaraochavali.

see: more, trace.

@ramaraochavali ramaraochavali mentioned this issue Apr 5, 2020
Closed
@ramaraochavali ramaraochavali mentioned this issue Apr 29, 2020
Closed
@karbon0x karbon0x mentioned this issue May 11, 2020
Merged
mattklein123 pushed a commit that referenced this issue May 21, 2020
@karbon0x
ratelimit: allow header descriptors to be skipped (#11153)
77e436f 
Resolves #10124 indirectly by adding an extra config flag to RequestHeaders through which it is possible for descriptors to be sent on a partial match.

Signed-off-by: Rohan Seth <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/ratelimit bug help wanted Needs help!
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Envoy rate limit descriptor fix karbon0x/envoy
router: rate_limit descriptor fix karbon0x/envoy
2 participants
@mattklein123 @ramaraochavali