Hi,
I’ve been trying to use Envoy’s Local rate limiting feature in my cluster. The requirement is to rate limit based on a header value. The catch is that the header contains an ID field of sorts. I’d want to limit each of the IDs to a certain number of requests only. Say, 40 requests/minute. I’m currently only able to restrict a particular value of the ID to 40 requests/minute. There could be multiple IDs being sent in the request and listing each of them in the entries for the descriptor would be a tedious task. Is there any way to use a wildcard of sorts or a configuration that I could use that would solve my problem?

Thanks in advance!
My current envoy configuration:
```yaml
configPatches:
  - applyTo: HTTP_FILTER
    match:
      context: SIDECAR_INBOUND
      listener:
        filterChain:
          filter:
            name: "envoy.filters.network.http_connection_manager"
    patch:
      operation: INSERT_BEFORE
      value:
        name: envoy.filters.http.local_ratelimit
        typed_config:
          "@type": type.googleapis.com/udpa.type.v1.TypedStruct
          type_url: type.googleapis.com/envoy.extensions.filters.http.local_ratelimit.v3.LocalRateLimit
          value:
            stat_prefix: http_local_rate_limiter
  - applyTo: HTTP_ROUTE
    match:
      context: SIDECAR_INBOUND
      routeConfiguration:
        vhost:
          name: "inbound|http|80"
          route:
            action: ANY
    patch:
      operation: MERGE
      value:
        route:
          rate_limits:
            - actions:
                - request_headers:
                    header_name: auth-header-user-id
                    descriptor_key: user-id
        typed_per_filter_config:
          envoy.filters.http.local_ratelimit:
            "@type": type.googleapis.com/udpa.type.v1.TypedStruct
            type_url: type.googleapis.com/envoy.extensions.filters.http.local_ratelimit.v3.LocalRateLimit
            value:
              stat_prefix: http_local_rate_limiter
              descriptors:
                # Any way to move this to a generic field for all users?
                - entries:
                    - key: user-id
                      value: xyz
                  token_bucket:
                    max_tokens: 2
                    tokens_per_fill: 2
                    fill_interval: 60s
                - entries:
                    - key: user-id
                      value: abc
                  token_bucket:
                    max_tokens: 3
                    tokens_per_fill: 3
                    fill_interval: 60s
              filter_enabled:
                runtime_key: local_rate_limit_enabled
                default_value:
                  numerator: 100
                  denominator: HUNDRED
              filter_enforced:
                runtime_key: local_rate_limit_enforced
                default_value:
                  numerator: 100
                  denominator: HUNDRED
              response_headers_to_add:
                - append: false
                  header:
                    key: x-local-rate-limit
                    value: 'true'
              token_bucket:
                max_tokens: 10
                tokens_per_fill: 10
                fill_interval: 60s
```