# rate_limit_template.conf

# This is a template configuration file for the API Rate Limiter plugin.
# Fill in the placeholders with your desired values.
# Save this file as rate_limit.conf (or similar) and specify its path when configuring the plugin.

# --- General Settings ---
# Enable/Disable rate limiting
enabled: true  # Set to 'false' to disable rate limiting

# Rate limiting algorithm: token_bucket, sliding_window, fixed_window
algorithm: token_bucket

# Redis connection details
redis_host: localhost
redis_port: 6379
redis_password: ""  # Leave blank if no password
redis_db: 0

# --- Global Rate Limits (applied to all requests if no user/IP specific limits are defined) ---
global_limit_enabled: false # Enable/disable global rate limiting

# Number of requests allowed within the specified time window
global_requests_per_window: 100

# Time window in seconds
global_window_seconds: 60

# --- Token Bucket Settings (if algorithm is set to 'token_bucket') ---
# Number of tokens in the bucket
token_bucket_capacity: 100

# Rate at which tokens are added to the bucket (tokens per second)
token_replenishment_rate: 10

# --- Sliding Window Settings (if algorithm is set to 'sliding_window') ---
# Number of requests allowed within the window
sliding_window_limit: 100

# Window size in seconds
sliding_window_seconds: 60

# --- Fixed Window Settings (if algorithm is set to 'fixed_window') ---
# Number of requests allowed within the window
fixed_window_limit: 100

# Window size in seconds
fixed_window_seconds: 60

# --- Per User/IP Rate Limits ---
# Enable per-user rate limiting (requires user identification mechanism)
user_limit_enabled: false

# Number of requests allowed per user within the specified time window
user_requests_per_window: 50

# Time window in seconds for user rate limiting
user_window_seconds: 60

# Enable per-IP rate limiting
ip_limit_enabled: true

# Number of requests allowed per IP within the specified time window
ip_requests_per_window: 20

# Time window in seconds for IP rate limiting
ip_window_seconds: 60

# --- Burst Handling ---
# Allow a burst of requests beyond the rate limit (e.g., for initial page load)
burst_limit_enabled: true

# Maximum number of requests allowed in a burst
burst_limit: 20

# --- Rate Limit Headers ---
# Enable sending rate limit headers in the response
enable_rate_limit_headers: true

# Header name for the rate limit
rate_limit_header: X-RateLimit-Limit

# Header name for the remaining requests
rate_limit_remaining_header: X-RateLimit-Remaining

# Header name for the time until the limit resets (in seconds)
rate_limit_reset_header: X-RateLimit-Reset

# --- Advanced Settings ---
# Key prefix for storing rate limit data in Redis
redis_key_prefix: rate_limit:

# Custom error message when rate limit is exceeded
rate_limit_exceeded_message: "Rate limit exceeded. Please try again later."

# HTTP status code to return when rate limit is exceeded
rate_limit_exceeded_status_code: 429  # Too Many Requests