Dear Tyk Support Team,
Hello!
First of all, thank you for your service.
Due to security vulnerabilities, we want to prohibit the use of Lua scripts for the Redis user by applying the -@scripting flag.
However, when testing with tyk-gateway version 5.7.0, the following error occurred:
level=error msg="error unlocking quota key" blocked=false error="failed to unlock a mutex in redis: 1 error occurred:
* node #0: NOPERM User test-user-name has no permissions to run the 'evalsha' command
" exists=false expired=true quota=0 quotaMax=100 quotaRenewalRate=60 rawKey=quota-37c60722 remaining=99
It seems that the Redis module internally used by Tyk-Gateway relies on Lua scripts, specifically the EVALSHA command.
- Is there a version of Tyk-Gateway that implements rate and quota limiting without using Lua scripts?
- If Lua script usage is restricted, what issues or limitations might we encounter?
We would appreciate your guidance on this matter.
Best regards,