Home / Kong Plugin Hub
Edit
Report

Rate Limiting Advanced

Overview Get started Configuration reference Changelog
Related Documentation
All Gateway Documentation
Made by
Kong Inc.
Supported Gateway Topologies
hybrid db-less traditional
Supported Konnect Deployments
hybrid cloud-gateways serverless
Compatible Protocols
grpc grpcs http https
Tags
#rate-limiting #traffic-control
Related Resources
Rate limiting in Kong Gateway
Create rate limiting tiers with Rate Limiting Advanced
Apply multiple rate limits and window sizes
Rate Limiting plugin

3.10.0.0

Release date 2025/03/27

Bugfix

  • Fixed an issue where the runtime failed due to sync_rate not being set if the strategy was local.

3.9.0.0

Release date 2024/12/12

Feature

  • Added a new configuration field lock_dictionary_name to support specifying an independent shared memory for storing locks.

  • Added support for authentication from Kong Gateway to Envoy Proxy.

  • Added support for combining multiple identifier items with the new configuration field compound_identifier.

Bugfix

  • Fixed an issue where counters of the overriding consumer groups didn’t fetched when the window_size is different and the workspace is non-default.

  • Fixed an issue where a warn log was printed when event_hooks was disabled.

  • Fixed an issue where multiple plugin instances sharing the same namespace enforced consumer groups and different window_sizes were used in the consumer group overriding configs, then the rate limiting of some consumer groups would fall back to local strategy. Now every plugin instance sharing the same namespace can set different window_size.

  • Fixed an issue where the plugin may fail to authenticate to Redis correctly with vault-referenced redis configuration.

  • Fixed an issue where RLA stores long expiration time items cause no memory errors.

3.8.1.1

Release date 2025/04/10

Bugfix

  • Fixed an issue where the kong.plugins.rate-limiting-advanced.migrations module was not being loaded when upgrading to 3.8.x.y. This issue was introduced in 3.8.0.0 and Kong refuses to start if redis.timeout and redis.connect_timeout are set to different values.

3.8.1.0

Release date 2024/11/04

Bugfix

  • Fixed an issue where a warn log was printed when event_hooks was disabled.

3.8.0.0

Release date 2024/09/11

Deprecation

  • Deprecated timeout config field in redis config in favor of connect_/send_/read_timeout (timeout field will be removed in 4.0).

  • Switched to sentinel_nodes and cluster_nodes for redis configuration.

Feature

  • Added Redis cluster_max_redirections configuration option.

Bugfix

  • Fixed a Redis schema issue where connect_timeout, read_timeout, send_timeout were reset to null if the deprecated timeout is null.

  • Fixed an issue where if the window_size in the consumer group overriding config is different from the window_size in the default config, the rate limiting of that consumer group would fall back to local strategy.

  • Rate Limiting Advanced Fixed an issue where the sync timer may stop working due to race condition.

Performance

  • Improved that timer spikes do not occur when there is network instability with the central data store.

3.7.1.3

Release date 2024/11/26

Bugfix

  • Fixed an issue where if the window_size in the consumer group overriding config is different from the window_size in the default config, the rate limiting of that consumer group would fall back to local strategy.

  • Fixed an issue where the sync timer may stop working due to race condition.

3.7.1.0

Release date 2024/06/18

Performance

  • Improved that timer spikes do not occur when there is network instability with the central data store.

3.7.0.0

Release date 2024/05/28

Bugfix

  • Refactored kong/tools/public/rate-limiting to keep the original interfaces unchanged (backward compatibility) and extend a new interface new_instance to provide isolation between different plugins. If you are using custom Rate Limiting plugins based on this library, please update the initialization code to the new format like ‘local ratelimiting = require(“kong.tools.public.rate-limiting”).new_instance(“custom-plugin-name”)’. The old interface will be removed in the upcoming major release.

  • Fixed an issue where RLA and other similar plugins using the rate-limiting library, when used together, would interfere with each other and thus fail to synchronize counter data to the central data store

  • Falling back to local strategy if sync_rate = 0 when redis goes down

  • The plugin now creates counter syncing timers when being executed instead of being created to reduce some meaningless error logs

  • Print error log when multiple plugins with the same namespace have different configurations

  • fix an issue where if sync_rate is changed from a value greater than 0 to 0, the namespace will be cleared unexpectedly

  • fix some timer-related issues where the counter syncing timer can’t be created or destroyed properly

3.6.1.8

Release date 2024/10/11

Bugfix

  • Rate Limiting Advanced Fixed an issue where if the window_size in the consumer group overriding config is different from the window_size in the default config, the rate limiting of that consumer group would fall back to local strategy.

  • Rate Limiting Advanced Fixed an issue where the sync timer may stop working due to race condition.

3.6.1.5

Release date 2024/06/18

Performance

  • Rate Limiting Advanced Improved that timer spikes do not occur when there is network instability with the central data store.

3.6.1.4

Release date 2024/05/14

Bugfix

  • Refactored kong/tools/public/rate-limiting to keep the original interfaces unchanged (backward compatibility) and extend a new interface new_instance to provide isolation between different plugins. If you are using custom Rate Limiting plugins based on this library, please update the initialization code to the new format like ‘local ratelimiting = require(“kong.tools.public.rate-limiting”).new_instance(“custom-plugin-name”)’. The old interface will be removed in the upcoming major release.

3.6.1.2

Release date 2024/04/08

Bugfix

  • Fixed an issue where RLA and other similar plugins using the rate-limiting library, when used together, would interfere with each other and thus fail to synchronize counter data to the central data store

3.6.1.1

Release date 2024/03/05

Bugfix

  • Rate Limiting Advanced Falling back to local strategy if sync_rate = 0 when redis goes down

  • Rate Limiting Advanced The plugin now creates counter syncing timers when being executed instead of being created to reduce some meaningless error logs

  • Rate Limiting Advanced fix an issue where if sync_rate is changed from a value greater than 0 to 0, the namespace will be cleared unexpectedly

  • Rate Limiting Advanced fix some timer-related issues where the counter syncing timer can’t be created or destroyed properly

3.6.0.0

Release date 2024/02/12

Feature

  • support to ratelimit by consumer group

  • Rate Limiting Advanced Enhance the resolution of RLA sliding window weight

Bugfix

  • check if sync_rate is nil when calling the RLA phase configure()

  • Skip sync with DB or Redis if sync_rate is nil or null.

  • Rate Limiting Advanced Check the error of queries in the redis pipeline

3.5.0.5

Release date 2024/06/18

Performance

  • Rate Limiting Advanced Improved that timer spikes do not occur when there is network instability with the central data store.

3.5.0.4

Release date 2024/05/20

Bugfix

  • Refactored kong/tools/public/rate-limiting to keep the original interfaces unchanged (backward compatibility) and extend a new interface new_instance to provide isolation between different plugins. If you are using custom Rate Limiting plugins based on this library, please update the initialization code to the new format like ‘local ratelimiting = require(“kong.tools.public.rate-limiting”).new_instance(“custom-plugin-name”)’. The old interface will be removed in the upcoming major release.

  • Fixed an issue where RLA and other similar plugins using the rate-limiting library, when used together, would interfere with each other and thus fail to synchronize counter data to the central data store

  • Falling back to local strategy if sync_rate = 0 when redis goes down

  • The plugin now creates counter syncing timers when being executed instead of being created to reduce some meaningless error logs

  • fix an issue where if sync_rate is changed from a value greater than 0 to 0, the namespace will be cleared unexpectedly

  • fix some timer-related issues where the counter syncing timer can’t be created or destroyed properly

3.5.0.0

Release date 2023/11/08

Performance

  • Rate Limiting Advanced to use the new Plugin:configure for building namespaces without looping through all the plugins

3.4.3.14

Release date 2024/12/17

Bugfix

  • Fixed an issue where counters of the overriding consumer groups didn’t fetched when the window_size is different and the workspace is non-default.

  • Fixed an issue where multiple plugin instances sharing the same namespace enforced consumer groups and different window_sizes were used in the consumer group overriding configs, then the rate limiting of some consumer groups would fall back to local strategy. Now every plugin instance sharing the same namespace can set different window_size.

  • Fixed an issue where the plugin may fail to authenticate to Redis correctly with vault-referenced redis configuration.

  • Fixed an issue where RLA stores long expiration time items cause no memory errors.

3.4.3.13

Release date 2024/11/15

Feature

  • Enhance the resolution of RLA sliding window weight

Bugfix

  • Fixed an issue where the sync timer may stop working due to race condition.

3.4.3.12

Release date 2024/08/08

Bugfix

  • Fixed an issue where if the window_size in the consumer group overriding config is different from the window_size in the default config, the rate limiting of that consumer group would fall back to local strategy.

3.4.3.9

Release date 2024/06/08

Performance

  • Improved that timer spikes do not occur when there is network instability with the central data store.

3.4.3.8

Release date 2024/05/16

Bugfix

  • Refactored kong/tools/public/rate-limiting to keep the original interfaces unchanged (backward compatibility) and extend a new interface new_instance to provide isolation between different plugins. If you are using custom Rate Limiting plugins based on this library, please update the initialization code to the new format like ‘local ratelimiting = require(“kong.tools.public.rate-limiting”).new_instance(“custom-plugin-name”)’. The old interface will be removed in the upcoming major release.

3.4.3.6

Release date 2024/04/15

Bugfix

  • Fixed an issue where RLA and other similar plugins using the rate-limiting library, when used together, would interfere with each other and thus fail to synchronize counter data to the central data store

3.4.3.5

Release date 2024/03/21

Bugfix

  • Falling back to local strategy if sync_rate = 0 when redis goes down

  • The plugin now creates counter syncing timers when being executed instead of being created to reduce some meaningless error logs

  • fix an issue where if sync_rate is changed from a value greater than 0 to 0, the namespace will be cleared unexpectedly

  • fix some timer-related issues where the counter syncing timer can’t be created or destroyed properly

3.4.0.0

Release date 2023/08/09

Feature

  • The redis strategy now catches strategy connection failures.

Bugfix

  • Fixed an issue that impacted the accuracy with the redis policy. Thanks @giovanibrioni for contributing this change.#10559

3.3.0.0

Release date 2023/05/19

Bugfix

  • The redis rate limiting strategy now returns an error when Redis Cluster is down.

  • Fixed an issue where the rate limiting cluster_events broadcast the wrong data in traditional cluster mode.

  • The control plane no longer creates namespace or syncs.

3.2.2.4

Release date 2023/09/15

Bugfix

  • The control plane no longer attempts to create namespace or synchronize counters with Redis.

3.2.2.2

Release date 2023/05/19

Bugfix

  • Fixed the log flooding issue caused by low sync_rate settings.

3.2.1.0

Release date 2023/02/28

Feature

Bugfix

  • Matched the plugin’s behavior to the Rate Limiting plugin. When an HTTP 429 status code was returned, rate limiting related headers were missed from the PDK module kong.response.exit(). This made the plugin incompatible with other Kong components like the Exit Transformer plugin.

3.1.1.5

Release date 2023/08/25

Bugfix

  • Fixed an issue where the control plane was trying to sync the rate-limiting-advanced counters with Redis.

  • Fixed an issue where the rl cluster_events broadcasted the wrong data in traditional cluster mode.

3.1.1.2

Release date 2023/01/24

Bugfix

  • Fixed an issue with the local strategy, which was not working correctly when window_size was set to fixed, and the cache would expire while the window was still valid.

3.1.0.0

Release date 2022/12/06

Feature

  • Added support for deleting customer groups using the API.

  • Added config.disable_penalty to control whether to count 429 or not in sliding window mode.

Bugfix

  • The plugin now ensures that shared dict TTL is higher than config.sync_rate, otherwise Kong Gateway would lose all request counters in shared dict.

3.0.0.0

Release date 2022/09/09

Bugfix

  • Fixed error handling when calling get_window and added more buffer on the window reserve.

  • Fixed error handling for plugin strategy configuration when in hybrid or DB-less mode and strategy is set to cluster.

Breaking Change

  • Updated the priority for some plugins.: rate-limiting-advanced changed from 902 to 910

2.8.4.13

Release date 2024/09/20

Bugfix

  • Fixed an issue where the sync timer may stop working due to race condition.

2.8.4.10

Release date 2024/06/18

Bugfix

  • Rate Limiting Advanced Refactored kong/tools/public/rate-limiting to keep the original interfaces unchanged (backward compatibility) and extend a new interface new_instance to provide isolation between different plugins. If you are using custom Rate Limiting plugins based on this library, please update the initialization code to the new format like ‘local ratelimiting = require(“kong.tools.public.rate-limiting”).new_instance(“custom-plugin-name”)’. The old interface will be removed in the upcoming major release.

2.8.4.8

Release date 2024/03/26

Bugfix

  • Rate Limiting Advanced Fixed an issue where RLA and other similar plugins using the rate-limiting library, when used together, would interfere with each other and thus fail to synchronize counter data to the central data store

  • Rate Limiting Advanced Falling back to local strategy if sync_rate = 0 when redis goes down

2.8.4.7

Release date 2024/02/08

Bugfix

  • Rate Limiting Advanced The plugin now creates counter syncing timers when being executed instead of being created to reduce some meaningless error logs

  • Rate Limiting Advanced fix the return info and log of previous errors are missing when use redis cluster mode connection fails

  • Rate Limiting Advanced Check the error of queries in the redis pipeline

  • Rate Limiting Advanced fix an issue where if sync_rate is changed from a value greater than 0 to 0, the namespace will be cleared unexpectedly

  • Rate Limiting Advanced fix some timer-related issues where the counter syncing timer can’t be created or destroyed properly

2.8.4.3

Release date 2023/09/18

Bugfix

  • cp should not create namespace or do sync.

  • Fix a bug where the rl cluster_events broadcast the wrong data in traditional cluster mode.

2.8.2.3

Release date 2023/01/06

Bugfix

  • Fixed a maintenance cycle lock leak in the kong_locks dictionary. Kong Gateway now clears old namespaces from the maintenance cycle schedule when a namespace is updated.

2.8.1.3

Release date 2022/08/05

Bugfix

  • Fixed an issue with cluster strategy timestamp precision in Cassandra.

2.8.1.1

Release date 2022/05/27

Bugfix

  • Fixed rate limiting advanced errors that appeared when the Rate Limiting Advanced plugin was not in use.

  • Fixed an error where rate limiting counters were not updating response headers due to incorrect key expiration tracking. Redis key expiration is now tracked properly in lua_shared_dict kong_rate_limiting_counters.

2.8.1.0

Release date 2022/04/07

Bugfix

  • Skip namespace creation if the plugin is not enabled. This prevents the error “[rate-limiting-advanced] no shared dictionary was specified” being logged.

2.8.0.0

Release date 2022/03/02

Feature

  • Added Redis ACL support (Redis v6.0.0+ and Redis Sentinel v6.2.0+).

  • Added the redis.username and redis.sentinel_username configuration parameters.

  • Beta feature: The redis.username, redis.password, redis.sentinel_username, and redis.sentinel_passwordconfiguration fields are now marked as referenceable, which means they can be securely stored assecretsin a vault. References must follow a specific format.

Bugfix

  • Fixed a 500 error that occurred when consumer groups were enforced but no proper configurations were provided. Now, if no specific consumer group configuration exists, the consumer group defaults to the original plugin configuration.

  • Fixed a timer leak that caused the timers to be exhausted and failed to start any other timers used by Kong, showing the error too many pending timers.

    Before, the plugin used one timer for each namespace maintenance process, increasing timer usage on instances with a large number of rate limiting namespaces. Now, it uses a single timer for all namespace maintenance.

  • Fixed an issue where the local strategy was not working with DB-less and hybrid deployments. We now allow sync_rate = null and sync_rate = -1when a local strategy is defined.

Something wrong?
Report an Issue | Edit this Page

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!
Contribute

Still need help

Ask in our Forum
Contact Support