Ratelimit handler support

[gojihotsauce]

Hello everyone,

Are we able to leverage the ratelimit handler within a layer4 listener using proxy protocol?

Thanks!

[mholt]

You want to rate limit HTTP requests without decoding HTTP, or... what is your goal? What are you trying to do?

[gojihotsauce]

You want to rate limit HTTP requests without decoding HTTP, or... what is your goal? What are you trying to do?

Hi @mholt

I'd like to be able to rate limit behind an AWS NLB that uses proxy protocol with Caddy as a target, which terminates TLS and then proxies to another application. In this scenario Caddy is responsible for all TLS traffic and uses a few CEL/http matchers.

NLB --Proxy Protocol--> Caddy -> Rate limit -> TLS termination -> app

[ydylla]

Hi @gojihotsauce,
I think you don't need layer4 for that.

You can use the caddy2-proxyprotocol listen wrapper to handle the incoming proxy protocol with caddy.
But I just noticed there is an open issue for a similar AWS NLB setup, so maybe you have to try it with caddy-go-proxyproto.

Even if layer4 would have a rate limiter, it would most likely operate on connection level. Meaning once a connection is established multiple http requests can be sent over it. These requests would then bypass the rate limiter, which is probably not what you want.

[gojihotsauce]

Thank you @ydylla! This helps point me in the right direction. I'll close this issue for now. Cheers.