How Kong Gateway’s Rate Limiting Plugin Can Protect Your Organization from DDoS Attacks
Published: June 5, 2023
By Nicky Carlisle
Distributed Denial of Service (DDoS) attacks are a growing concern for organizations of all sizes with the average number of attacks per day more than tripling since the end of 2021. These attacks can have a profound negative impact on revenue, damage a company’s reputation, and even result in legal action. It is imperative for businesses to implement measures that can identify and block malicious traffic while allowing legitimate traffic to pass. One such measure is the implementation of Kong Gateway’s Rate Limiting Plugin.
Kong Gateway is an open-source API gateway that provides various middleware functionalities such as routing, authentication, and rate limiting. The Rate Limiting Plugin, in particular, can help prevent DDoS attacks by blocking malicious traffic that exceeds the allowed limit in a given time frame. The plugin allows engineers to set rules based on specific parameters such as IP address, headers, and request path giving them more control over how requests are handled.
Here is an example of how to use the Kong Admin API to set up the Rate Limiting plugin:
curl -X POST http://localhost:8001/services/my-service/plugins \
--data "name=rate-limiting" \
--data "config.minute=5" \
--data "config.policy=redis" \
--data "config.limit_by=ip"
Consumers of this service can send up to five requests per minute per IP address. This information is shared across Kong Gateway nodes by setting the rate limit counter storage policy to the same Redis cache. Functionality like this grants more control over how requests are handled, allowing them to prevent resource exhaustion and service failure.
In cases where the out-of-the-box rate limiting plugins aren’t verbose enough, it is also possible to write a custom Lua plugin to specify exactly how to rate limit. For example, a Kong user has written their own plugin to rate limit based on the amount of data a consumer can download per given interval.
There are also various other plugins supported by Kong to collect real-time telemetry data which can be shipped to Splunk’s Enterprise Security or Observability Cloud platform resulting in robust security alerting and proactively identifying potential issues preventing service disruption. With Kong Gateway’s Rate Limiting Plugin and Splunk’s monitoring and security capabilities, organizations can take a few steps closer to protecting themselves from DDoS attacks and ensure that their applications remain available and secure.