Quickstart: Set request rate limits

Note

The Basic, Standard, and Enterprise plans will be deprecated starting from mid-March, 2025, with a 3 year retirement period. We recommend transitioning to Azure Container Apps. For more information, see the Azure Spring Apps retirement announcement.

The Standard consumption and dedicated plan will be deprecated starting September 30, 2024, with a complete shutdown after six months. We recommend transitioning to Azure Container Apps. For more information, see Migrate Azure Spring Apps Standard consumption and dedicated plan to Azure Container Apps.

This article applies to: ❎ Basic/Standard ✅ Enterprise

This quickstart shows you how to set request rate limits by using Spring Cloud Gateway on the Azure Spring Apps Enterprise plan.

Rate limiting enables you to avoid problems that arise with spikes in traffic. When you set request rate limits, your application can reject excessive requests. This configuration helps you minimize throttling errors and more accurately predict throughput.

Prerequisites

Set request rate limits

Spring Cloud Gateway includes route filters from the Open Source version and several more route filters. One of these filters is the RateLimit: Limiting user requests filter. The RateLimit filter limits the number of requests allowed per route during a time window.

When defining a route, you can add the RateLimit filter by including it in the list of filters for the route. The filter accepts four options:

  • The number of requests accepted during the window.
  • The duration of the window. This value is in milliseconds by default, but you can specify a suffix of s, m, or h to indicate that the value is in seconds, minutes, or hours.
  • (Optional) A user partition key. You can also apply rate limiting per user. That is, different users can have their own throughput allowed based on an identifier found in the request. Indicate whether the key is in a JWT claim or HTTP header with claim or header syntax.
  • (Optional) You can rate limit by IP addresses, but not in combination with rate limiting per user.

The following example would limit all users to two requests every five seconds to the /products route:

{
    "predicates": [
      "Path=/products",
      "Method=GET"
    ],
    "filters": [
      "StripPrefix=0",
      "RateLimit=2,5s"
    ]
}

If you want to expose a route for different sets of users, each one identified by its own client_id HTTP header, use the following route definition:

{
    "predicates": [
      "Path=/products",
      "Method=GET"
    ],
    "filters": [
      "StripPrefix=0",
      "RateLimit=2,5s,{header:client_id}"
    ]
}

When the limit is exceeded, responses will fail with 429 Too Many Requests status.

Use the following command to apply the RateLimit filter to the /products route:

az spring gateway route-config update \
    --resource-group <resource-group-name> \
    --service <Azure-Spring-Apps-service-instance-name> \
    --name catalog-routes \
    --app-name catalog-service \
    --routes-file azure-spring-apps-enterprise/resources/json/routes/catalog-service_rate-limit.json

Use the following commands to retrieve the URL for the /products route in Spring Cloud Gateway:

export GATEWAY_URL=$(az spring gateway show \
    --resource-group <resource-group-name> \
    --service <Azure-Spring-Apps-service-instance-name> | jq -r '.properties.url')

echo "https://${GATEWAY_URL}/products"

Make several requests to the URL for /products within a five-second period to see requests fail with a status 429 Too Many Requests.

Clean up resources

If you plan to continue working with subsequent quickstarts and tutorials, you might want to leave these resources in place. When no longer needed, delete the resource group, which deletes the resources in the resource group. To delete the resource group by using Azure CLI, use the following commands:

echo "Enter the Resource Group name:" &&
read resourceGroupName &&
az group delete --name $resourceGroupName &&
echo "Press [ENTER] to continue ..."

Next steps

Continue on to any of the following optional quickstarts: