1 year ago
#310585
aadhi95
Set Istio local rate limit per path with independent quota limits
I am trying to throttle requests using the Istio local rate limiting per path.
Note: I am trying to maintain independent counters per path. Example: /1/send and /2/send need to have an independent quota rather than a common token bucket.
I was able to achieve this use-case using global rate-limiting as the descriptors have the 'value' field marked optional there.
Find below a snippet from global rate limiting:
rate_limits:
  - actions: # any actions in here
      - request_headers:
          header_name: ":path"
          descriptor_key: "PATH"
      - header_value_match:
          descriptor_value: post
          headers:
            - name: :method
              prefix_match: POST
descriptors:
  - key: PATH
    descriptors:
      - key: header_match
        value: post
        rate_limit:
          requests_per_unit: 4
          unit: minute
However, for local rate limiting, the value for PATH cannot be undefined. Hence, it expects to define a static path to limit requests.
patch:
  operation: MERGE
  value:
    route:
      rate_limits:
        - actions:
            - request_headers:
                header_name: ":path"
                descriptor_key: path
            - header_value_match:
                descriptor_value: post
                headers:
                  - name: :method
                    prefix_match: POST
descriptors:
  - entries:
      - key: header_match
        value: post
      - key: path
    token_bucket:
      max_tokens: 2
      tokens_per_fill: 2
      fill_interval: 60s
token_bucket:
  max_tokens: 5
  tokens_per_fill: 5
  fill_interval: 60s
....
....
I would expect something like this to do the job for local rate limiting. However, the above does not work as it expects a value for the descriptor entry "path".
Also, changing the path as header_value_match instead of request_headers does not yield the required functionality as it maps /1/send, /2/send, ....., /n/send under the same descriptor entry, hence using a common quota for all requests.
I tried with the samples here. When we use a regex, as in the example:
actions:
  - header_value_match:
      descriptor_value: "status"
      expect_match: true
      headers:
        - name: :path
          string_match:
            safe_regex:
              google_re2: {}
              regex: /status/.*
It will match /status/1, /status/2, .... /status/n under the same descriptor and hence, all of these paths will have a common quota counter.
What I am looking for is to rate limit each of these routes independently, i.e., per id.
Example: If I have a quota of 10 req/min, and I make 15 req to /status/1 and 5 req to /status/2 simultaneously, then I expect 5 req of /status/1 to be rate limited and all 5 requests of /status/2 to pass successfully.
However, because we have a common counter here, what is happening is 10 req of /status/1 go through and the other 5 get rate limited. And, all 5 req of /status/2 are rate limited because the common quota counter is exhausted.
So, basically, I want each of these URIs to be rate-limited independently of each other.
kubernetes
istio
rate-limiting
envoyproxy
servicemesh
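An added illustration, not part of the original post and not Envoy or Istio code: a small Python model of the two descriptor behaviours the question contrasts, run on the 15 + 5 request example with a 10-request quota. It models only which token bucket a request is charged to within one fill interval; the function names and the request ordering are assumptions made for the example.

```python
import re
from collections import Counter

class TokenBucket:
    """Fixed-capacity bucket; refill is omitted since all requests fall in one fill interval."""
    def __init__(self, max_tokens):
        self.tokens = max_tokens

    def consume(self):
        if self.tokens > 0:
            self.tokens -= 1
            return True
        return False

STATUS_RE = re.compile(r"/status/.*")  # regex from the post
QUOTA = 10                             # 10 req/min, from the post's example

def shared_descriptor(path):
    # header_value_match: every matching path produces the same static value,
    # so all of them are charged to a single bucket.
    return ("header_match", "status") if STATUS_RE.fullmatch(path) else None

def per_path_descriptor(path):
    # Desired behaviour: the descriptor value is the path itself,
    # so each distinct path gets its own bucket.
    return ("path", path) if STATUS_RE.fullmatch(path) else None

def simulate(requests, descriptor_fn, quota=QUOTA):
    """Return a Counter of (path, 'ok' | 'limited') for one fill interval."""
    buckets, results = {}, Counter()
    for path in requests:
        key = descriptor_fn(path)
        if key is None:
            results[(path, "ok")] += 1  # no descriptor: not limited in this model
            continue
        if key not in buckets:
            buckets[key] = TokenBucket(quota)
        results[(path, "ok" if buckets[key].consume() else "limited")] += 1
    return results

# Constructed traffic: the 15 requests to /status/1 arrive before the 5 to /status/2.
TRAFFIC = ["/status/1"] * 15 + ["/status/2"] * 5

if __name__ == "__main__":
    for name, fn in [("shared", shared_descriptor), ("per-path", per_path_descriptor)]:
        print(name, dict(simulate(TRAFFIC, fn)))
```
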
0 Answers