Page MenuHomePhabricator
Create Task
Maniphest T405636

api-gateway helm chart: rest routes should return retry-after when a rate limit applies.
Closed, ResolvedPublic
Actions

Description

It's good practive to send a Retry-After header along with 429 (or 503) status. We can achieve this in Envoy by setting the following in the rate limit configuration:

enable_x_ratelimit_headers: DRAFT_VERSION_03
response_headers_to_add:
  header:
    key: Retry-After
    value: "%RESP(x-ratelimit-reset)%"

However, if we dobn't want the x-ratelimit-* headers to be present in the response, we will probably have to add another filter to remove them again. Or maybe there's another way to generate Retry-After?

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
rest gateway: include a meaningful body with 429 responsesoperations/deployment-chartsmaster+75 -5
rest-gateway: generate retry-after header for rate-limited requestsoperations/deployment-chartsmaster+108 -11
Customize query in gerrit

Related Objects
Search...

Event Timeline

daniel created this task.Sep 25 2025, 5:54 PM
daniel mentioned this in T405574: api-gateway helm chart: add ability to test rate limiting for rest-gateway routes.
Clement_Goubert added a comment.Sep 26 2025, 11:07 AM

I don't see a particular issue with having the x-ratelimit-* headers in the response, but if there is one, I don't think there's another way of setting Retry-After to x-ratelimit-reset value except, like you said, to add and then remove the x-ratelimit-* headers.

JTweed-WMF moved this task from Inbox, needs triage to Next (DO NOT USE) on the MediaWiki-Platform-Team board.Sep 29 2025, 2:53 PM
daniel updated the task description. (Show Details)Nov 7 2025, 12:02 PM
daniel updated the task description. (Show Details)
pmiazga added a comment.Nov 7 2025, 8:51 PM

I would say the Retry-After is a bit better approach. What I don't like with Envoy's x-ratelimit-*` headers is that they expose a little bit too much.

The Retry-After is simple feedback - we cannot handle your request, but you can come back after some amount of time, and we should be able to handle it.
Where Envoy returns information - what is the window size, - how much before next window reset, - what is the per window allowance.

It doesn't hurt us, but if someone wants to keep wasting our resources or be just a "bad actor" -> we're giving them all information immediately.

Clement_Goubert added projects: Traffic, serviceops-deprecated.Nov 10 2025, 11:14 AM

After thinking about it a bit, I tend to agree with @pmiazga
Adding Traffic for their opinion

OWresch-WMF edited projects, added MediaWiki-Platform-Team (Q3 Kanban Board); removed MediaWiki-Platform-Team.Nov 21 2025, 11:39 AM
daniel assigned this task to Hokwelum.Nov 26 2025, 10:53 AM
gerritbot added a comment.Jan 9 2026, 12:30 PM

Change #1224937 had a related patch set uploaded (by Daniel Kinzler; author: Daniel Kinzler):

[operations/deployment-charts@master] rest-gateway: generate retry-after header for rate-limited requests

https://gerrit.wikimedia.org/r/1224937

gerritbot added a project: Patch-For-Review.Jan 9 2026, 12:30 PM
daniel changed the task status from Open to In Progress.Jan 9 2026, 12:30 PM
daniel claimed this task.
daniel added a subscriber: Hokwelum.
JTweed-WMF moved this task from Essential Work to OKR Work on the MediaWiki-Platform-Team (Q3 Kanban Board) board.Jan 13 2026, 11:14 AM
gerritbot added a comment.Jan 14 2026, 12:22 PM

Change #1226827 had a related patch set uploaded (by Daniel Kinzler; author: Daniel Kinzler):

[operations/deployment-charts@master] rest gateway: include a meaningful body with 429 responses

https://gerrit.wikimedia.org/r/1226827

gerritbot added a comment.Jan 21 2026, 3:00 PM

Change #1224937 merged by jenkins-bot:

[operations/deployment-charts@master] rest-gateway: generate retry-after header for rate-limited requests

https://gerrit.wikimedia.org/r/1224937

gerritbot added a comment.Jan 21 2026, 3:06 PM

Change #1226827 merged by jenkins-bot:

[operations/deployment-charts@master] rest gateway: include a meaningful body with 429 responses

https://gerrit.wikimedia.org/r/1226827

Maintenance_bot removed a project: Patch-For-Review.Jan 21 2026, 3:32 PM
daniel closed this task as Resolved.Jan 22 2026, 11:19 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits