update rate limit to use session cookie (#3631)

Pengyuan Bian 2019-03-11 14:28:35 -07:00 committed by istio-bot
parent e9dd610a93
commit 21641fc79a
2 changed files with 7 additions and 7 deletions

@ -119,7 +119,7 @@ so the configuration to enable rate limiting on both adapters is the same.
namespace: istio-system
spec:
# quota only applies if you are not logged in.
# match: match(request.headers["cookie"], "user=*") == false
# match: match(request.headers["cookie"], "session=*") == false
actions:
- handler: handler.redisquota
instances:
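Review bot: The pattern `"session=*"` in the commented-out `match:` line is a prefix glob over the whole `cookie` header, so it only exempts a request whose header starts with `session=`. A client that sends another cookie first (for example `lang=en; session=...`) would still be counted against the quota. Either note that limitation beside the `# quota only applies if you are not logged in.` comment, or reword the comment to say what the rule actually tests: that the header begins with a `session=` cookie.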
@ -334,7 +334,7 @@ so the configuration to enable rate limiting on both adapters is the same.
In the above example we have effectively rate limited `productpage` at `2 rps` per client IP.
Consider a scenario where you would like to exempt clients from this rate limit if a user is logged in.
In the `bookinfo` example, we use cookie `user=<username>` to denote a logged in user.
In the `bookinfo` example, we use cookie `session=<sessionid>` to denote a logged in user.
In a realistic scenario you may use a `jwt` token for this purpose.
You can update the `quota rule` by adding a match condition based on the `cookie`.
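Review bot: The new sentence says `session=<sessionid>` denotes a logged in user, but the match condition it introduces only checks that the cookie is present in that shape and never validates the value, so any client that sends a `session=` cookie is exempt from the quota. Suggest stating that here, next to the existing `jwt` sentence, so readers treat the cookie match as a demo shortcut and not as an authentication check.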
@ -347,14 +347,14 @@ metadata:
name: quota
namespace: istio-system
spec:
match: match(request.headers["cookie"], "user=*") == false
match: match(request.headers["cookie"], "session=*") == false
actions:
- handler: handler.memquota
instances:
- requestcount.quota
{{< /text >}}
`memquota` or `redisquota` adapter is now dispatched only if `user=<username>` cookie is absent from the request.
`memquota` or `redisquota` adapter is now dispatched only if `session=<sessionid>` cookie is absent from the request.
This ensures that a logged in user is not subject to this quota.
1. Verify that rate limit does not apply to a logged in user.
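Review bot: Step 1 after `{{< /text >}}` ("Verify that rate limit does not apply to a logged in user") is unchanged context and its instructions fall outside this diff. Please confirm that whatever it tells the reader to do or observe produces a `session` cookie and does not still refer to `user=<username>`, otherwise the verification no longer exercises the rule changed above.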

@ -106,7 +106,7 @@ keywords: [policies,quotas]
namespace: istio-system
spec:
# quota only applies if you are not logged in.
# match: match(request.headers["cookie"], "user=*") == false
# match: match(request.headers["cookie"], "session=*") == false
actions:
- handler: handler.redisquota
instances:
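Review bot: This second file has no hunk for the sentence that introduces the cookie. The first file changes "we use cookie `user=<username>`" to `session=<sessionid>` in its hunk at line 334, but here the diff goes straight from line 106 to line 310. If the translated page carries that sentence, it still names the `user` cookie and will disagree with the rule below; update it in the same commit.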
@ -310,14 +310,14 @@ metadata:
name: quota
namespace: istio-system
spec:
match: match(request.headers["cookie"], "user=*") == false
match: match(request.headers["cookie"], "session=*") == false
actions:
- handler: handler.memquota
instances:
- requestcount.quota
{{< /text >}}
只有当请求中没有 `user = <username>` cookie 时,才会调度 `memquota``redisquota` 适配器。
只有当请求中没有 `session = <sessionid>` cookie 时,才会调度 `memquota``redisquota` 适配器。
这可确保登录用户不受此配额的约束。
1. 验证速率限制不适用于登录用户。
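Review bot: The added Chinese line writes the cookie as `session = <sessionid>` with spaces around `=`, while the rule above it and the English page use `session=<sessionid>`; the spaced form does not correspond to the `"session=*"` pattern, so write it without spaces. The same line also runs the `memquota` and `redisquota` code spans together with nothing between them, where the English has "or"; add the missing 或 so the two names render as separate spans.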