Edit this page

Rate-limiting backends

No matter what is the amount of activity the users are generating at the router level, you might want to restrict the connections KrakenD makes to your backends. Configuration is similar to the router’s one, but it’s declared directly in the backend section instead of the endpoint.

This parameter is defined at the krakend.json configuration file as follows:

  "endpoint": "/products/{cat_id}",
  "backend": [
      "host": [
      "url_pattern": "/catalog/category/{cat_id}.rss",
      "encoding": "rss",
      "extra_config": {
          "github.com/devopsfaith/krakend-ratelimit/juju/proxy": {
              "maxRate": 1,
              "capacity": 1

There are two parameters you can set:

  • maxRate: Maximum requests per second you want to accept in this backend.
  • capacity: The capacity according to the token bucket algorithm with a bucket capacity == tokens added per second so KrakenD is able to allow some bursting on the request rates. Recommended value is capacity==maxRate

Comparison of maxRate vs clientMaxRate

The maxRate (available both in router and proxy layers) is an absolute number where you have the exact control over how much traffic you are allowing to hit the backend or endpoint. In an eventual DDoS, the maxRate can help in a way since it won’t accept more traffic than allowed. But on the other hand a single host could abuse the system taking a big percentage of that quota.

The clientMaxRate is a limit per client and it won’t help you if you just want to control the total traffic, as the total traffic supported by the backend or endpoint depends on the number of different requesting clients. A DDoS will then happily pass through, but on the other hand, you can keep any particular abuser limited to its quota.

Depending on your use case you will need to decide if you use one, the other, the two, or none of them (fastest!)

Unresolved issues?

The documentation is only a piece of the help you can get! Whether you are looking for Open Source or Enterprise support, see more support channels that can help you.