Traefik Labs · Rate Limits

Traefik Rate Limits

Traefik Proxy is self-hosted software, so request throttling is configured by the operator (via the RateLimit / InFlightReq HTTP middlewares and the InFlightConn TCP middleware) rather than imposed by Traefik Labs as a vendor. Traefik Hub adds the APIPlan CRD, which carries documented rate and quota fields (limit, period, bucket) that operators apply per managed subscription. The Hub control plane's own API-management quotas are not published on the public site and are part of each customer's commercial agreement.

Traefik Rate Limits is the machine-readable rate-limit profile for Traefik Labs on the APIs.io network, conforming to the API Commons Rate Limits specification.

It captures 5 rate-limit definitions, measuring requests, in-flight requests, in-flight TCP connections, and varies.

The profile also includes 5 backoff/retry policies defined.

Tagged areas include API Gateway, API Management, Kubernetes, and Rate Limiting.

5 Limits
API GatewayAPI ManagementKubernetesRate Limiting

Limits

Traefik Proxy (self-hosted) - tenant-facing operator-configured
requests
defined by the operator via the RateLimit middleware
The middleware supports `average` requests-per-period, `burst` token-bucket size, and `period` window length.
Traefik Proxy (self-hosted) - concurrent requests operator-configured
in-flight requests
defined by the operator via the InFlightReq HTTP middleware (amount field)
Traefik Proxy (self-hosted) - concurrent TCP connections operator-configured
in-flight TCP connections
defined by the operator via the InFlightConn TCP middleware (amount field)
Traefik Hub APIPlan default example managed-subscription
requests
1 request / second + 10,000 requests / 750 hours (vendor-documented illustrative APIPlan)
Documented as an example in the APIPlan CRD reference; production plans are customer-defined.
Traefik Hub control plane account
varies
not published; governed by the commercial agreement

Policies

HTTP RateLimit Middleware
Configurable per router or service. Fields - average (req/period), burst (token-bucket capacity), period (e.g. 1s, 1m), and optional sourceCriterion to scope the limit to a header, IP, or ipStrategy. Returns HTTP 429 when exceeded.
HTTP InFlightReq Middleware
Caps concurrent in-flight HTTP requests per source criterion. Returns HTTP 429 when the configured `amount` is reached.
TCP InFlightConn Middleware
Caps concurrent TCP connections per remote IP. Refuses connections once the configured `amount` is reached.
Hub APIPlan
Kubernetes CRD attached to managed subscriptions. Carries a rateLimit block (limit, period, bucket) and a quota block (limit, period, bucket). Bucket controls scoping - per subscription, per application, or per application-API pair. Exceeding either yields HTTP 429.
Contact Sales for Hub Quotas
Provider-side quotas on the Hub control plane are not published; the commercial contract sets the operational limits.

Sources