This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Is it possible to the rate limit based on the request headers

Posted on 03-03-2016 11:01 PM
Not applicable
Reply posted on --/--/---- --:-- AM

Hi,

I would like to know is it possible to the rate limiting based on the request headers creation in the API call.

0 1 3,214
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
anilsr
Staff
Reply posted on --/--/---- --:-- AM

Dear @sargurunathan,

Welcome to Apigee Community. Yes, Its possible using out of the box rate limiting policies. It's available as a basic functionality in Apigee Rate limiting policies. For example,

You can rate limit access to APIs based on assigned quota using Quota policy. You can rate limit quota counter based on variables like request headers using <Identifier> property

<Identifier ref="request.header.headername"/>

Similarly, You can rate limit & smoothen traffic to prevent DOS attacks using Spike Arrest policy . You can protect your backend using concurrent rate limit policy.concurrent rate limit policy.

Find example quota policy below that sets Quota Rate limiting based on header param customVariable,

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Quota async="false" continueOnError="false" enabled="true" name="Quota-1">
    <DisplayName>Quota-1</DisplayName>
    <Properties/>
    <Allow count="10" countRef="request.header.allowed_quota"/>
    <Identifier ref="request.header.customVariable"/>
    <Interval ref="request.header.quota_count">1</Interval>
    <Distributed>false</Distributed>
    <Synchronous>false</Synchronous>
    <TimeUnit ref="request.header.quota_timeout">month</TimeUnit>
</Quota>

2089-screen-shot-2016-03-04-at-125712-pm.png

2090-screen-shot-2016-03-04-at-125744-pm.png

Keep us posted if you have any further queries / need any examples.