Re: [I] bug: limit-req plugin does not work correctly when configuring redis or redis-cluster [apisix]

Thu, 04 Sep 2025 09:17:10 -0700 


mikyll commented on issue #12592:
URL: https://github.com/apache/apisix/issues/12592#issuecomment-3254475763

   I noticed a couple of potential issues in your example:
   
   - `limit-req` plugin must be enabled on routes, **not consumers**;
   - in step 5 you have `use_real_request_uri_unsafe": false` which is a 
parameter of `proxy-rewrite` which is not present in your JSON. As it is right 
now, this Admin API call will fail as **400 Bad Request**
   
   To better help you out, can you revise your example provide complete, 
accurate and reproducible steps? 🙂 
   
   ---
   
   By the way, I tried it myself on Docker (actually Podman, but the 
configuration and end result is the same) and there seems to be no issues 
whatsoever 👀  
   
   ## Docker Example
   
   ### Setup
   
   File `compose.yaml`:
   
   ```yaml
   name: apisix-test-limit-req
   
   services:
     etcd:
       image: bitnami/etcd:latest
       environment:
         ALLOW_NONE_AUTHENTICATION: yes
       healthcheck:
         test: "etcdctl endpoint health"
         interval: 5s
         timeout: 30s
         retries: 5
       networks:
         apisix:
   
     apisix:
       image: apache/apisix:3.12.0-debian
       stdin_open: true
       tty: true
       depends_on:
         etcd:
           condition: service_healthy
         redis:
           condition: service_healthy
       ports:
         - "9080:9080/tcp"
         - "9180:9180/tcp"
         - "9443:9443/tcp"
       volumes:
         - ./conf/config.yaml:/usr/local/apisix/conf/config.yaml
       networks:
         apisix:
   
     redis:
       image: bitnami/redis:8.2.1-debian-12-r0
       healthcheck:
         test: "redis-cli ping | grep PONG"
         interval: 5s
         timeout: 30s
         retries: 5
       environment:
         ALLOW_EMPTY_PASSWORD: yes
       networks:
         apisix:
   
     httpbin:
       image: kennethreitz/httpbin:latest
       ports:
         - "3000:80/tcp"
       networks:
         apisix:
   
   networks:
     apisix:
       driver: bridge
   ```
   
   File `conf/config.yaml`:
   
   ```yaml
   apisix:
     router:
       http: radixtree_uri_with_parameter
     node_listen: 9080
     
   deployment:
     admin:
       admin_key_required: true
       admin_key:
         - name: admin
           key: 1a8fe9bd-73ab-493c-ac82-44db40eab641
           role: admin
   
       allow_admin:
         - 127.0.0.0/24
         - 0.0.0.0/0
   
       admin_listen:
         ip: 0.0.0.0
         port: 9180
   
     etcd:
       host:
         - http://etcd:2379
       prefix: "/apisix"
       timeout: 30
   
   plugins:
     - jwt-auth
     - proxy-rewrite
     - limit-req
   ```
   
   ### Run
   
   Start the containers with Docker:
   
   ```bash
   docker compose up
   ```
   
   Or with Podman:
   
   ```bash
   podman-compose up
   ```
   
   Create some testing resources:
   
   - one upstream with `httpbin` service
   - two routes:
     - `/test-local` with limit-req plugin configured with **local** policy
     - `/test-redis` with limit-req plugin configured with **redis** policy
   
   ### Test
   
   #### Case 1 - Local Policy
   
   ```bash
   for i in {1..5}; do curl -is localhost:9080/test-local | grep HTTP; done
   ```
   
   Result:
   
   ```bash
   HTTP/1.1 200 OK
   HTTP/1.1 429 Too Many Requests
   HTTP/1.1 429 Too Many Requests
   HTTP/1.1 429 Too Many Requests
   HTTP/1.1 429 Too Many Requests
   ```
   
   APISIX Logs:
   
   ```lang-none
   [apisix]  | 2025/09/04 16:02:35 [warn] 46#46: *18163 [lua] plugin.lua:1210: 
run_plugin(): limit-req exits with http status code 429, client: 10.89.18.38, 
server: _, request: "GET /test-local HTTP/1.1", host: "localhost:9080"
   [apisix]  | 2025/09/04 16:02:35 [warn] 49#49: *18164 [lua] plugin.lua:1210: 
run_plugin(): limit-req exits with http status code 429, client: 10.89.18.38, 
server: _, request: "GET /test-local HTTP/1.1", host: "localhost:9080"
   [apisix]  | 2025/09/04 16:02:35 [warn] 60#60: *18165 [lua] plugin.lua:1210: 
run_plugin(): limit-req exits with http status code 429, client: 10.89.18.38, 
server: _, request: "GET /test-local HTTP/1.1", host: "localhost:9080"
   [apisix]  | 2025/09/04 16:02:35 [warn] 81#81: *18166 [lua] plugin.lua:1210: 
run_plugin(): limit-req exits with http status code 429, client: 10.89.18.38, 
server: _, request: "GET /test-local HTTP/1.1", host: "localhost:9080"
   [apisix]  | 10.89.18.38 - - [04/Sep/2025:16:02:35 +0000] localhost:9080 "GET 
/test-local HTTP/1.1" 200 222 0.003 "-" "curl/8.5.0" 10.89.18.37:80 200 0.002 
"http://localhost:9080/get";
   [apisix]  | 10.89.18.38 - - [04/Sep/2025:16:02:35 +0000] localhost:9080 "GET 
/test-local HTTP/1.1" 429 241 0.000 "-" "curl/8.5.0" - - - 
"http://localhost:9080/get";
   [apisix]  | 10.89.18.38 - - [04/Sep/2025:16:02:35 +0000] localhost:9080 "GET 
/test-local HTTP/1.1" 429 241 0.000 "-" "curl/8.5.0" - - - 
"http://localhost:9080/get";
   [apisix]  | 10.89.18.38 - - [04/Sep/2025:16:02:35 +0000] localhost:9080 "GET 
/test-local HTTP/1.1" 429 241 0.000 "-" "curl/8.5.0" - - - 
"http://localhost:9080/get";
   [apisix]  | 10.89.18.38 - - [04/Sep/2025:16:02:35 +0000] localhost:9080 "GET 
/test-local HTTP/1.1" 429 241 0.000 "-" "curl/8.5.0" - - - 
"http://localhost:9080/get";
   ```
   
   #### Case 2 - Redis Policy
   
   ```bash
   for i in {1..5}; do curl -is localhost:9080/test-redis | grep HTTP; done
   ```
   
   Result:
   
   ```bash
   HTTP/1.1 200 OK
   HTTP/1.1 429 Too Many Requests
   HTTP/1.1 429 Too Many Requests
   HTTP/1.1 429 Too Many Requests
   HTTP/1.1 429 Too Many Requests
   ```
   
   APISIX Logs:
   
   ```lang-none
   [apisix]  | 2025/09/04 16:03:30 [warn] 53#53: *21421 [lua] plugin.lua:1210: 
run_plugin(): limit-req exits with http status code 429, client: 10.89.18.38, 
server: _, request: "GET /test-redis HTTP/1.1", host: "localhost:9080"
   [apisix]  | 2025/09/04 16:03:30 [warn] 60#60: *21423 [lua] plugin.lua:1210: 
run_plugin(): limit-req exits with http status code 429, client: 10.89.18.38, 
server: _, request: "GET /test-redis HTTP/1.1", host: "localhost:9080"
   [apisix]  | 2025/09/04 16:03:30 [warn] 78#78: *21427 [lua] plugin.lua:1210: 
run_plugin(): limit-req exits with http status code 429, client: 10.89.18.38, 
server: _, request: "GET /test-redis HTTP/1.1", host: "localhost:9080"
   [apisix]  | 2025/09/04 16:03:30 [warn] 44#44: *21431 [lua] plugin.lua:1210: 
run_plugin(): limit-req exits with http status code 429, client: 10.89.18.38, 
server: _, request: "GET /test-redis HTTP/1.1", host: "localhost:9080"
   [apisix]  | 10.89.18.38 - - [04/Sep/2025:16:03:29 +0000] localhost:9080 "GET 
/test-redis HTTP/1.1" 200 222 0.009 "-" "curl/8.5.0" 10.89.18.37:80 200 0.003 
"http://localhost:9080/get";
   [apisix]  | 10.89.18.38 - - [04/Sep/2025:16:03:30 +0000] localhost:9080 "GET 
/test-redis HTTP/1.1" 429 241 0.001 "-" "curl/8.5.0" - - - 
"http://localhost:9080/get";
   [apisix]  | 10.89.18.38 - - [04/Sep/2025:16:03:30 +0000] localhost:9080 "GET 
/test-redis HTTP/1.1" 429 241 0.002 "-" "curl/8.5.0" - - - 
"http://localhost:9080/get";
   [apisix]  | 10.89.18.38 - - [04/Sep/2025:16:03:30 +0000] localhost:9080 "GET 
/test-redis HTTP/1.1" 429 241 0.001 "-" "curl/8.5.0" - - - 
"http://localhost:9080/get";
   [apisix]  | 10.89.18.38 - - [04/Sep/2025:16:03:30 +0000] localhost:9080 "GET 
/test-redis HTTP/1.1" 429 241 0.002 "-" "curl/8.5.0" - - - 
"http://localhost:9080/get";
   ```
   
   ---
   
   As we can notice, in both cases, only 1 request passes in a time frame of 1 
second.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to