Global rate limiting imposes a system-wide limit on all requests passing through the gateway. This is useful as an upper bound for overall capacity protection, ensuring the gateway or downstream services aren’t overwhelmed by total traffic.
Below is an example showing how to enable global limits:
limit Maximum number of requests allowed for each user within the specified window.
window
Time frame (e.g., 1m
, 30s
) for measuring requests.
actions
reject
: Returns 429 status with retry informationblock
: Similar to reject but for permanent blocksThe window
parameter supports any valid duration string:
s
: seconds (e.g., ”30s”)m
: minutes (e.g., “5m”)h
: hours (e.g., “1h”)d
: days (e.g., “1d”)Example combinations:
The rate limiter adds the following headers to each response:
Where {type}
is one of:
global
per_ip
per_user
ratelimit:{level}:{id}:{limit_type}:{key}
If you have a backend with limited capacity, global limiting ensures no single spike can breach that capacity.
Even if you have per-IP or per-user limits, global limiting acts as a final line of defense when total traffic volume surges.
In multi-tenant environments, it prevents one tenant from consuming the entire capacity, ensuring all tenants receive a baseline service.
Global rate limiting imposes a system-wide limit on all requests passing through the gateway. This is useful as an upper bound for overall capacity protection, ensuring the gateway or downstream services aren’t overwhelmed by total traffic.
Below is an example showing how to enable global limits:
limit Maximum number of requests allowed for each user within the specified window.
window
Time frame (e.g., 1m
, 30s
) for measuring requests.
actions
reject
: Returns 429 status with retry informationblock
: Similar to reject but for permanent blocksThe window
parameter supports any valid duration string:
s
: seconds (e.g., ”30s”)m
: minutes (e.g., “5m”)h
: hours (e.g., “1h”)d
: days (e.g., “1d”)Example combinations:
The rate limiter adds the following headers to each response:
Where {type}
is one of:
global
per_ip
per_user
ratelimit:{level}:{id}:{limit_type}:{key}
If you have a backend with limited capacity, global limiting ensures no single spike can breach that capacity.
Even if you have per-IP or per-user limits, global limiting acts as a final line of defense when total traffic volume surges.
In multi-tenant environments, it prevents one tenant from consuming the entire capacity, ensuring all tenants receive a baseline service.