Commit eeb17c2f authored by ale's avatar ale

Add bypass documentation

parent b1d49a94
Pipeline #4789 passed with stages
in 1 minute and 46 seconds
......@@ -121,7 +121,29 @@ should specify the following attributes:
only be applied to failed authentication requests
* `keys` is a list of strings specifying the request identifiers that
will make up the rate limiter key. The list can include one or both
of *ip* (referring to the remote client's IP) and *user* (username)
of *ip* (referring to the remote client's IP) and *user* (username).
* `bypass` is a list of criteria that will cause the request to skip
the enforcement of this ratelimit/blacklist. Criteria are objects
with `key` (one of *ip* or *user*) and *value* attributes, which
specify an exact equality match.
The following is an example of an IP-based ratelimit with blacklist
period of 1 hour, that will allow an arbitrary amount of requests from
localhost:
```yaml
rate_limits:
blacklist_10qps_1h:
limit: 100
period: 10
blacklist_for: 3600
keys: [ip]
bypass:
- key: ip
value: "127.0.0.1"
- key: ip
value: "::1"
```
## Service definition
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment