image:
  repository: envoyproxy/ratelimit
  # see: https://hub.docker.com/r/envoyproxy/ratelimit/tags
  tag: 80b15778

log:
  level: warn
  format: json

# 1MB local cache for already reached limits to reduce calls to Redis
localCacheSize: 1048576

# Wether to block requests if ratelimiting is down
failureModeDeny: false

# rate limit descriptors for each domain
# - slow: 1 req/s over a minute per sourceIP
descriptors:
  ingress:
  - key: sourceIp
    value: sixtyPerMinute
    descriptors:
    - key: remote_address
      rate_limit:
        unit: minute
        requests_per_unit: 60
  - key: sourceIp
    value: tenPerSecond
    descriptors:
    - key: remote_address
      rate_limit:
        unit: second
        requests_per_unit: 10

  privateIngress:
  - key: sourceIp
    value: sixtyPerMinute
    descriptors:
    - key: remote_address
      rate_limit:
        unit: minute
        requests_per_unit: 60
  - key: sourceIp
    value: tenPerSecond
    descriptors:
    - key: remote_address
      rate_limit:
        unit: second
        requests_per_unit: 10

metrics:
  enabled: false