doc: add doc of key for limit-* plugins.

doc/plugins/limit-conn-cn.md

@@ -20,20 +20,21 @@
 [English](limit-conn.md)
 # limit-conn
 
-Apisix 的限制并发请求（或并发连接）插件。
+限制并发请求（或并发连接）插件。
 
 ### 属性
 
-* `conn`: 允许的最大并发请求数。 超过这个比率的请求(低于“ conn” + “ burst”)将被延迟以符合这个阈值。
-* `burst`: 允许延迟的过多并发请求(或连接)的数量。
+* `conn`: 允许的最大并发请求数。超过 `conn` 的限制、但是低于 `conn` + `burst` 的请求，将被延迟处理。
+* `burst`: 允许被延迟处理的并发请求数。
 * `default_conn_delay`: 默认的典型连接(或请求)的处理延迟时间。
 * `key`: 用户指定的限制并发级别的关键字，可以是客户端IP或服务端IP。
 
     例如，可以使用主机名(或服务器区域)作为关键字，以便限制每个主机名的并发性。 否则，我们也可以使用客户端地址作为关键字，这样我们就可以避免单个客户端用太多的并行连接或请求淹没我们的服务。
 
     现在接受以下关键字: “remote_addr”(客户端的 IP)，“server_addr”(服务器的 IP)，请求头中的“ X-Forwarded-For/X-Real-IP”。
 
-* `rejected_code`: 当请求超过阈值时返回的 HTTP状态码， 默认值是503。
+    **key 是可以被用户自定义的，只需要修改插件的一行代码即可完成。并没有在插件中放开是处于安全的考虑。**
+* `rejected_code`: 当请求超过 `conn` + `burst` 这个阈值时，返回的 HTTP状态码，默认值是503。
 
 #### 如何启用
 

doc/plugins/limit-conn.md

@@ -28,7 +28,7 @@
 
 ## Name
 
-Limiting request concurrency (or concurrent connections) plugin for Apisix.
+Limiting request concurrency plugin.
 
 ## Attributes
 
@@ -38,7 +38,9 @@ Limiting request concurrency (or concurrent connections) plugin for Apisix.
 |burst         |required|is the number of excessive concurrent requests (or connections) allowed to be delayed.|
 |default_conn_delay |required|is the default processing latency of a typical connection (or request).|
 |key           |required|is the user specified key to limit the concurrency level. <br>For example, one can use the host name (or server zone) as the key so that we limit concurrency per host name. Otherwise, we can also use the client address as the key so that we can avoid a single client from flooding our service with too many parallel connections or requests. <br> Now accept those as key: "remote_addr"(client's IP), "server_addr"(server's IP), "X-Forwarded-For/X-Real-IP" in request header.|
-|rejected_code |required| The HTTP status code returned when the request exceeds the threshold is rejected. The default is 503.|
+|rejected_code |required| The HTTP status code returned when the request exceeds `conn` + `burst` will be rejected. The default is 503.|
+
+**Key can be customized by the user, only need to modify a line of code of the plug-in to complete.  It is a security consideration that is not open in the plugin.**
 
 ## How To Enable
 

doc/plugins/limit-count-cn.md

@@ -38,6 +38,9 @@
 |redis_password|可选     |当使用 `redis` 限速策略时，该属性是 Redis 服务节点的密码。|
 |redis_timeout |可选     |当使用 `redis` 限速策略时，该属性是 Redis 服务节点以毫秒为单位的超时时间，默认是 1000 ms（1 秒）。|
 
+
+**key 是可以被用户自定义的，只需要修改插件的一行代码即可完成。并没有在插件中放开是处于安全的考虑。**
+
 ### 示例
 
 #### 开启插件

doc/plugins/limit-count.md

@@ -45,6 +45,9 @@ Limit request rate by a fixed number of requests in a given time window.
 |redis_password|optional|When using the `redis` policy, this property specifies the password of the Redis server.|
 |redis_timeout |optional|When using the `redis` policy, this property specifies the timeout in milliseconds of any command submitted to the Redis server. The default timeout is 1000 ms(1 second).|
 
+
+**Key can be customized by the user, only need to modify a line of code of the plug-in to complete.  It is a security consideration that is not open in the plugin.**
+
 ## How To Enable
 
 Here's an example, enable the `limit count` plugin on the specified route:

doc/plugins/limit-req-cn.md

@@ -30,6 +30,8 @@
 * `rejected_code`：当请求超过阈值被拒绝时，返回的 HTTP 状态码
 * `key`：是用来做请求计数的依据，当前接受的 key 有："remote_addr"(客户端IP地址), "server_addr"(服务端 IP 地址), 请求头中的"X-Forwarded-For" 或 "X-Real-IP"。
 
+**key 是可以被用户自定义的，只需要修改插件的一行代码即可完成。并没有在插件中放开是处于安全的考虑。**
+
 ## 示例
 
 ### 开启插件

doc/plugins/limit-req.md

@@ -40,6 +40,8 @@ limit request rate using the "leaky bucket" method.
 |rejected_code |required|The HTTP status code returned when the request exceeds the threshold is rejected. The default is 503.|
 | key          |required|is the user specified key to limit the rate, now accept those as key: "remote_addr"(client's IP), "server_addr"(server's IP), "X-Forwarded-For/X-Real-IP" in request header.|
 
+**Key can be customized by the user, only need to modify a line of code of the plug-in to complete.  It is a security consideration that is not open in the plugin.**
+
 ## How To Enable
 
 Here's an example, enable the limit req plugin on the specified route: