Prerequisites
- Golf Gateway deployed and running
- Redis configured
How it works
Each request is checked against the limits in order, from most specific to most general:
- Per-user — requests per window for a single authenticated user. Anonymous requests fall back to a per-IP limit using the same threshold.
- Per-server — requests per window for a single user against a specific MCP server.
- Global — system-wide requests per window across all users.
window_seconds.
Rate limiting fails open: if Redis is unavailable, requests are allowed through rather than blocked, so a cache outage never takes down your gateway.
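A minimal model of the check order and fail-open behaviour described above, added here as an illustration and not taken from Golf Gateway's code. `MemoryStore`, `StoreDown`, `check` and the key layout are hypothetical; the in-memory store stands in for Redis, and leaving rejected requests uncounted is an assumption.

```python
import time
from collections import defaultdict, deque

class StoreDown(Exception):
    """Raised when the backing cache (Redis in the gateway) is unreachable."""

class MemoryStore:
    """In-memory stand-in for Redis: one deque of request timestamps per key."""
    def __init__(self):
        self.hits = defaultdict(deque)
        self.down = False  # flip to True to simulate a cache outage

    def count(self, key, now, window):
        if self.down:
            raise StoreDown(key)
        q = self.hits[key]
        while q and q[0] <= now - window:  # drop hits outside the sliding window
            q.popleft()
        return len(q)

    def record(self, key, now):
        if self.down:
            raise StoreDown(key)
        self.hits[key].append(now)

def check(store, limits, window, server, user=None, ip=None, now=None):
    """Return (allowed, reason); tiers are checked most specific first."""
    now = time.time() if now is None else now
    # Anonymous requests fall back to a per-IP key with the per-user threshold.
    ident = f"user:{user}" if user else f"ip:{ip}"
    tiers = [
        ("per-user", ident, limits["per_user"]),
        ("per-server", f"{ident}:server:{server}", limits["per_server"]),
        ("global", "global", limits["global"]),
    ]
    try:
        for name, key, limit in tiers:
            if store.count(key, now, window) >= limit:
                return False, name  # rejected; not counted (assumption)
        for _, key, _ in tiers:
            store.record(key, now)
    except StoreDown:
        return True, "fail-open"  # cache outage: request passes unthrottled
    return True, "ok"
```

While the store is down every request is admitted regardless of the configured limits, so cache availability is worth alerting on alongside the rate-limit metrics.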
Configure the per-user limit
The per-user limit is the only limit configurable via environment variables or YAML. Set it with the GOLF_RATE_LIMIT_ variables:
security section:
golf-gateway.yaml
| Setting | Env Variable | Default | Range | Description |
|---|---|---|---|---|
| enabled | GOLF_RATE_LIMIT_ENABLED | true | - | Enable rate limiting |
| requests_per_minute | GOLF_RATE_LIMIT_REQUESTS_PER_MINUTE | 1000 | 1-5000 | Per-user (and per-IP fallback) limit |
| window_seconds | GOLF_RATE_LIMIT_WINDOW_SECONDS | 60 | 10-300 | Sliding window duration |
Global and per-server limits
System-wide (global) and per-server limits are managed through the Control Plane in Centralized mode — they are not configurable via environment variables or YAML. Their defaults are:
| Limit | Default | Configured via |
|---|---|---|
| Per-user | 1000 req/window | Env var, YAML, or Control Plane |
| Per-server | 500 req/window | Control Plane only |
| Global | 1000 req/window | Control Plane only |
All three limits share the same window_seconds. The window is always read from the environment and is not overridden by Control Plane configuration.
Related guides
- Set Up Metrics and Monitoring - Monitor gateway health
- Set Up Alerting - Alert on anomalies
- Environment Variables - Full configuration reference
- YAML Config Schema - Distributed mode configuration