If an API call (client IP is used as an identifier) exceeds, for example, 10 attempts in a 20-second period, we want to block that IP address for a 15-minute period. Any ideas how we can implement this in APIGEE?
Hack 1:
1) Quota policy 1 - with identifier as IP address for 10 attempts.
2) Logic after the quota policy that sets x-message-weight to 1 for the 10th request, else x-message-weight = 0.
3) Quota policy 2 - allow-count = 1, identifier = ip, interval=10, timeunit=min, messageweight = x-message-weight
Hack 2:
1) If an IP matches the rule (spike / quota violation triggered), then put the IP in KVM / Cache with an expiry timestamp as the value.
2) In front of spike and quota, read from the cache. If the IP is present, then fault if current timestamp < expiry timestamp.
~~A:S:S~~
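The flow of Hack 2 above, simulated in plain JavaScript as an added example (not code from the original post, and not Apigee policy code). The two Maps stand in for the cache / KVM and the quota counter, and every function and variable name is hypothetical; the limits are the ones from the question (10 attempts per 20 seconds, 15-minute block).

```javascript
// Added example: in-memory simulation of "Hack 2". The Maps stand in for the
// Apigee cache/KVM and quota counter; all names are hypothetical, not Apigee APIs.
const LIMIT = 10;                  // attempts allowed per window
const WINDOW_MS = 20 * 1000;       // 20-second counting window
const BLOCK_MS = 15 * 60 * 1000;   // 15-minute block

function createLimiter() {
  const blocked = new Map();   // ip -> expiry timestamp (ms)
  const counters = new Map();  // ip -> { windowStart, count }

  // Decide one request from `ip` arriving at time `now` (ms).
  return function check(ip, now) {
    // Hack 2, step 2: read the block entry before any counting happens.
    const expiry = blocked.get(ip);
    if (expiry !== undefined) {
      if (now < expiry) {
        return { allowed: false, reason: 'blocked', retryAfterMs: expiry - now };
      }
      blocked.delete(ip);      // block has expired, forget it
      counters.delete(ip);     // and start from a clean counter
    }

    // Fixed-window counter standing in for the Quota policy.
    let c = counters.get(ip);
    if (!c || now - c.windowStart >= WINDOW_MS) {
      c = { windowStart: now, count: 0 };
      counters.set(ip, c);
    }
    c.count += 1;

    // Hack 2, step 1: on violation, store the expiry timestamp for this IP.
    if (c.count > LIMIT) {
      blocked.set(ip, now + BLOCK_MS);
      return { allowed: false, reason: 'limit-exceeded', retryAfterMs: BLOCK_MS };
    }
    return { allowed: true, reason: 'ok' };
  };
}

// Constructed sample traffic: 12 requests, one per second, from one address.
function demo() {
  const check = createLimiter();
  const reasons = [];
  for (let i = 0; i < 12; i++) reasons.push(check('203.0.113.7', i * 1000).reason);
  return reasons;
}
```

Requests that arrive while an address is blocked are rejected before the counter is touched, so they do not extend the block.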
@Anil Sagar @ Google, can you please share a sample quota policy based on IP restriction? Thank you.
Hi Anil Sagar @ Google, I'd appreciate your response on this solution, as I'm also looking for a solution to this IP restriction. Thanks in advance.
What did you try?
Did you look at the Quota documentation? Do you understand how to use the identifier element?
    <Quota name="QuotaPolicy">
      <Identifier ref="proxy.client.ip"/>
      <Allow count="10"/>
      <Interval>1</Interval>
      <TimeUnit>hour</TimeUnit>
    </Quota>
Hi Dino, thanks for the follow-up. Yes, I have implemented the identifier using IP. It works. Thanks.