Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/traefik/traefik/llms.txt

Use this file to discover all available pages before exploring further.

RateLimit Middleware

Control the Number of Requests Going to a Service The RateLimit middleware ensures that services will receive a fair amount of requests based on a token bucket implementation.

Configuration Examples

Basic Rate Limiting

# 100 requests per second with burst of 200
labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
  - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=200"

Rate Limiting with Period

# 6 requests per minute
labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.average=6"
  - "traefik.http.middlewares.test-ratelimit.ratelimit.period=1m"

Rate Limiting with IP Strategy

labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
  - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.depth=2"

Configuration Options

Rate Configuration

average
integer
default:"0"
Maximum rate, by default in requests per second, allowed from a given source. Setting to 0 means no rate limiting.The actual rate is defined by dividing average by period.
period
duration
default:"1s"
Period in combination with average defines the actual maximum rate. The rate is calculated as: r = average / period
burst
integer
default:"1"
Maximum number of requests allowed to go through in the same arbitrarily small period of time.

Source Criterion

sourceCriterion.ipStrategy.depth
integer
Use the X-Forwarded-For header and select the IP at the specified depth (starting from the right).
sourceCriterion.ipStrategy.excludedIPs
array
List of IPs to exclude when determining the client IP.
sourceCriterion.ipStrategy.ipv6Subnet
integer
Subnet mask for IPv6 addresses. Useful for grouping IPv6 addresses into subnets.
sourceCriterion.requestHeaderName
string
Name of the header used to group incoming requests.
sourceCriterion.requestHost
boolean
Whether to consider the request host as the source.

Redis Storage

Enables distributed rate limiting using Redis to store tokens.
redis.endpoints
array
default:"127.0.0.1:6379"
List of Redis server endpoints.
redis.username
string
Username for Redis authentication.
redis.password
string
Password for Redis authentication.
redis.db
integer
default:"0"
Database to select after connecting to Redis.
redis.tls.ca
string
Path to certificate authority for TLS connection.
redis.tls.cert
string
Path to public certificate for TLS connection.
redis.tls.key
string
Path to private key for TLS connection.
redis.tls.insecureSkipVerify
boolean
default:"false"
Accept any certificate presented by the server.

Examples

Distributed Rate Limiting with Redis

http:
  middlewares:
    test-ratelimit:
      rateLimit:
        average: 100
        burst: 200
        redis:
          endpoints:
            - "127.0.0.1:6379"
          username: "user"
          password: "password"
          db: 0

Rate Limiting by Header

http:
  middlewares:
    test-ratelimit:
      rateLimit:
        average: 100
        sourceCriterion:
          requestHeaderName: username