Repository metrics
- Stars
- (27,997 stars)
- PR merge metrics
- (平均マージ 8d) (30d で 378 merged PRs)
説明
Title: Rate limit: add support for delay before rejection
Description:
When a connection or request is rate limited by the L4/L7 local rate limit filters, instead of immediately rejecting the connection or request it would be useful to reject after a pre-configured delay. That way, a malicious user is not able to retry as fast as possible which provides a better DoS protection for Envoy.
I believe the RLS service called by the rate limit filter can implement a delay on its end but it would be nice to have that functionality in Envoy especially for the local rate limit filter but could be shared by the global rate limit filter as well.
Proposed Solution:
Add config to specify the delay. For rejected requests, schedule a timer event and do the actual rejection when the timer calls back.