uaa icon indicating copy to clipboard operation
uaa copied to clipboard
verified publisher icon cloudfoundry

Rate limiting is not working in uaa

Open Shivani180796 opened this issue 1 year ago • 1 comments

I am trying to use rate limiting feature of cf uaa and it is not working.

What version of UAA are you running?

76.22.0

How are you deploying the UAA?

I am deploying the UAA

  • locally only using docker container

What did you do?

I am trying to use the rate limit feature of uaa published in 76.3.0. I am following this document https://github.com/cloudfoundry/uaa/blob/develop/docs/UAA-Rate-Limiting.md. And as per the document, I have provided the below config in uaa.yml. But still this is not working and no rate limit is applying on any request.

ratelimit: loggingOption: AllCallsWithDetails limiterMappings: - name: AuthToken pathSelectors: - "contains:/oauth/token" withCallerRemoteAddressID: 1r/3s global: 1r/3s - name: SCIM withCallerRemoteAddressID: 1r/3s global: 1r/3s pathSelectors: - "contains:/Users" - "contains:/Groups" - name: EverythingElse withCallerRemoteAddressID: 1r/3s global: 1r/3s pathSelectors: - "other"

I have also tried to check the status of rate limiting by calling /RateLimitingStatus endpoint which shows the status as ACTIVE. That means there is no error. Below is the response of /RateLimitingStatus.

{ "current": { "status": "ACTIVE", "asOf": "1970-01-01T00:28:18Z", "credentialIdExtractor": "None", "loggingLevel": "AllCallsWithDetails", "limiterMappings": 3 }, "fromSource": "resource file(/uaa.yml)" }

What did you expect to see? What goal are you trying to achieve with the UAA?

Rate limiting should work as the config provided.

What did you see instead?

No rate limiting is applying on any request.

Please include UAA logs if available. uaaLogs.txt

Shivani180796 avatar Aug 08 '24 07:08 Shivani180796

Hi @Shivani180796,

I tested the configuration that you provided locally (with the latest develop branch, copied the config, added the correct indentation (as it seems it was lost, when you copied it here)) - and it worked for me locally. We also have productive UAA instances where we use this feature (and it works).

So how did you test your local UAA? And what was the exact formatting of the config when you tested it?

tack-sap avatar Aug 26 '24 14:08 tack-sap

Hi, I close this, because the limiter is active in our landscapes and works as designed. If you see an issue, please re-open it

strehle avatar Oct 25 '24 16:10 strehle