I have set up an API gateway with Kong, and below is my kong.yml file.
```yaml
_format_version: "2.1"
_transform: true
services:
- name: auth-service
  url: http://xxxxxxxxxxx
  routes:
  - name: auth-routes
    paths:
    - /auth
- name: audit-service
  url: http://xxxxxxxxxxx
  routes:
  - name: audit-routes
    paths:
    - /audits
plugins:
- name: rate-limiting
  service: auth-service
  config:
    minute: 100
    hour: 1000
    day: 10000
- name: rate-limiting
  service: audit-service
  config:
    minute: 100
    hour: 1000
    day: 10000
```
As you can see, on my other server I have a couple of services running, and Kong handles the traffic according to the routes.
The problem is, when the rate limit is reached, Kong blocks all IPs, not just the attacking IP. I tested this by running K6 on a droplet, and while it was running, I tried calling the API gateway from my PC and got the message saying “rate-limit reached”.
Any idea how to fix this? Thanks!
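
An added example, not part of the original post: the auth-service plugin entry with the counter key made explicit through the rate-limiting plugin's `limit_by` field. It assumes, which the post does not state, that Kong sits behind a load balancer, reverse proxy or container NAT, so every request reaches it from one source address and all clients share a single counter; the upstream URL and the address range are constructed placeholders.

```yaml
# Added example, not the poster's configuration.
_format_version: "2.1"
_transform: true

services:
- name: auth-service
  url: http://auth.internal.example:8080   # placeholder upstream
  routes:
  - name: auth-routes
    paths:
    - /auth

plugins:
- name: rate-limiting
  service: auth-service
  config:
    minute: 100
    hour: 1000
    day: 10000
    # Key the counters on the client IP as Kong resolves it.
    # Other accepted keys include consumer, credential and header.
    limit_by: ip

# A per-IP counter is only as good as the address Kong sees. If a proxy
# or NAT in front of Kong rewrites the source address (assumption), every
# client maps to the same key and one noisy client exhausts the limit for
# everyone. Real client IP resolution is set in kong.conf (or the matching
# KONG_* environment variables), not in kong.yml:
#
#   trusted_ips       = 10.0.0.0/8        # placeholder: the proxy's range only
#   real_ip_header    = X-Forwarded-For
#   real_ip_recursive = on
#
# Keep trusted_ips limited to the proxy's own addresses. If clients that
# can reach Kong directly are trusted, they can put any value in
# X-Forwarded-For and get a fresh counter on every request.
```

To check which address Kong is counting, compare the client IP recorded in Kong's access log for requests from two different machines; if both show the same address, the limit is being shared.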