At my company we are currently adding rate limiting to our nginx ingress configuration. I really like that it is just one annotation there to get started + one configMap entry to set the response code to 429.
After that I looked into how to handle this 429 code in our client. It is fairly easy to just handle it with a message like "You are clicking too fast", but I wanted a bit more advanced behaviour than this.
That is why I would like to see nginx respond with a Retry-After header. It should include the time in seconds until the client is no longer blocked. That means for rps rate limiting this is always 1s, for rpm rate limiting I would expect this to be slightly higher, probably up to 30 seconds.
The only thing I discovered so far is someone setting the Retry-After header to always be 120s like this: https://serverfault.com/questions/979144/nginx-add-retry-after-header-to-only-429-responses/979156#979156, but there does not seem to be a way to set this to a calculated value by nginx.
Ideally there are also other headers to be supported, like RateLimit-Limit and RateLimit-Remaining, to help the client judge when to use the cache and when new information is worth spending the credits on: https://stackoverflow.com/a/16022625, but since those are not standardized yet I would consider those less important for now.
As a reference, this is how this is implemented in Traefik: https://github.com/traefik/traefik/blob/7fc56454ea9a2baa004db509a5a644bc199297c6/pkg/middlewares/ratelimiter/rate_limiter.go#L180
Edited 1 time(s). Last edit at 05/31/2024 05:30AM by StefanLobbenmeier.
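The post asks for a Retry-After value that is computed rather than fixed at 120s. The following is an added example, not nginx, Traefik or the poster's code, of how a token-bucket limiter derives that value: the time until the next token is refilled, rounded up to whole seconds. It assumes one shared bucket (a real middleware keys buckets per client) and shows an rps-style rate of 1/s next to an rpm-style rate of 10/min.

```go
package main

import (
	"fmt"
	"math"
	"net/http"
	"time"
)

// Limiter is a minimal token bucket constructed for this example (not nginx or
// Traefik code): rate is tokens refilled per second, burst the bucket capacity.
// One shared bucket, no locking; a real middleware keys a bucket per client.
type Limiter struct {
	rate, burst, tokens float64
	last                time.Time
}

func NewLimiter(rate, burst float64, now time.Time) *Limiter {
	return &Limiter{rate: rate, burst: burst, tokens: burst, last: now}
}

// Allow consumes one token if available; otherwise it returns ok=false and the
// whole seconds (rounded up, never below 1) until a token refills: Retry-After.
func (l *Limiter) Allow(now time.Time) (ok bool, retryAfter int) {
	if elapsed := now.Sub(l.last).Seconds(); elapsed > 0 {
		l.tokens = math.Min(l.burst, l.tokens+elapsed*l.rate) // refill
		l.last = now
	}
	if l.tokens >= 1 {
		l.tokens--
		return true, 0
	}
	// seconds until one full token exists; the 1e-9 absorbs float noise
	return false, int(math.Max(1, math.Ceil((1-l.tokens)/l.rate-1e-9)))
}

// RateLimit rejects over-limit requests with 429 and the computed Retry-After.
func RateLimit(l *Limiter, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if ok, retry := l.Allow(time.Now()); !ok {
			w.Header().Set("Retry-After", fmt.Sprint(retry))
			http.Error(w, "rate limit exceeded", http.StatusTooManyRequests)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() { // wrap the default mux with a 10 requests/minute, burst-1 limit
	http.ListenAndServe(":8080", RateLimit(NewLimiter(10.0/60, 1, time.Now()), http.DefaultServeMux))
}
```

With burst 1 the rpm case yields 6s per rejection here; a larger burst shortens the average wait but the computed value still tracks the bucket state instead of a constant.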