Re: [I] bug: limit-req: conf_type/conf_version suffix makes per-consumer rate limits effectively per-route [apisix]

Mon, 23 Feb 2026 22:03:26 -0800 


Baoyuantop commented on issue #12946:
URL: https://github.com/apache/apisix/issues/12946#issuecomment-3949354952

   Hi @janiussyafiq, Thank you for reminding me, I have verified that this is 
indeed the case.
   
   The following test cases can be executed successfully.
   
   ```
   === TEST 1: setup consumer with limit-count and two routes (no limit-count 
on routes)
   --- config
       location /t {
           content_by_lua_block {
               local t = require("lib.test_admin").test
               t('/apisix/admin/consumers', ngx.HTTP_PUT, [[{
                   "username": "jack",
                   "plugins": {
                       "key-auth": { "key": "auth-key" },
                       "limit-count": {
                           "count": 1,
                           "time_window": 60,
                           "rejected_code": 429,
                           "key": "consumer_name"
                       }
                   }
               }]])
               -- route A
               t('/apisix/admin/routes/1', ngx.HTTP_PUT, [[{
                   "uri": "/hello", "plugins": { "key-auth": {} },
                   "upstream": { "nodes": { "127.0.0.1:1980": 1 }, "type": 
"roundrobin" }
               }]])
               -- route B
               t('/apisix/admin/routes/2', ngx.HTTP_PUT, [[{
                   "uri": "/hello1", "plugins": { "key-auth": {} },
                   "upstream": { "nodes": { "127.0.0.1:1980": 1 }, "type": 
"roundrobin" }
               }]])
               ngx.say("done")
           }
       }
   --- request
   GET /t
   --- response_body
   done
   
   
   
   === TEST 2: cross-route requests - limit-count on consumer should be shared 
globally
   --- pipelined_requests eval
   ["GET /hello", "GET /hello1"]
   --- more_headers
   apikey: auth-key
   --- error_code eval
   [200, 429]
   
   ```
   
   ```
   === TEST 1: setup consumer with limit-req and two routes (no limit-req on 
routes)
   --- config
       location /t {
           content_by_lua_block {
               local t = require("lib.test_admin").test
               t('/apisix/admin/consumers', ngx.HTTP_PUT, [[{
                   "username": "jack",
                   "plugins": {
                       "key-auth": { "key": "auth-key" },
                       "limit-req": {
                           "rate": 0.1,
                           "burst": 0,
                           "rejected_code": 403,
                           "key": "consumer_name"
                       }
                   }
               }]])
               -- route A
               t('/apisix/admin/routes/1', ngx.HTTP_PUT, [[{
                   "uri": "/hello", "plugins": { "key-auth": {} },
                   "upstream": { "nodes": { "127.0.0.1:1980": 1 }, "type": 
"roundrobin" }
               }]])
               -- route B
               t('/apisix/admin/routes/2', ngx.HTTP_PUT, [[{
                   "uri": "/hello1", "plugins": { "key-auth": {} },
                   "upstream": { "nodes": { "127.0.0.1:1980": 1 }, "type": 
"roundrobin" }
               }]])
               ngx.say("done")
           }
       }
   --- request
   GET /t
   --- response_body
   done
   
   
   
   === TEST 2: cross-route requests - limit-req on consumer should be shared 
globally
   --- pipelined_requests eval
   ["GET /hello", "GET /hello1"]
   --- more_headers
   apikey: auth-key
   --- error_code eval
   [200, 200]
   ```
   
   The limit-req and limit-count plugins exhibit inconsistent behavior; their 
key concatenation methods differ.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to