How To Restrict & Smoothen API Traffic Based on IP Address?

If an API call (client IP is used as an identifier) exceeds, for example, 10 attempts in a 20-second period, we want to block that IP address for a 15-minute period. Any ideas how we can implement this in APIGEE?

1 ACCEPTED SOLUTION

Hack 1 :

1) quota policy 1 - with identifier as IP address for 10 attempts.

2) Logic after quota policy that sets x-message-weight to 1 for 10th request

else x-message-weight = 0

3) quota policy 2 - allow-count = 1, identifier = ip, interval=10, timeunit=min, messageweight = x-message-weight

Hack 2 :

1) If an IP matches the rule (spike / quota violation triggered) then put the IP in KVM / Cache with an expiry time stamp as value

2) In front of spike and quota, read from cache. If IP present then fault if current time stamp < expiry time stamp.

~~A:S:S~~
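
The logic of Hack 2 with the numbers from the question, as an added example that is not part of the original post or of Apigee's own code. The class name, the in-memory Maps standing in for the cache / KVM, and the sample IP addresses are assumptions made for the illustration.

```javascript
// Added illustration of "Hack 2": more than 10 calls in 20 seconds from one
// IP blocks that IP for 15 minutes. The Maps stand in for the cache / KVM;
// all names here are hypothetical.
const LIMIT = 10;                    // allowed calls per window
const WINDOW_MS = 20 * 1000;         // 20-second counting window
const BLOCK_MS = 15 * 60 * 1000;     // 15-minute block

class IpBlocker {
  constructor() {
    this.blockedUntil = new Map();   // ip -> expiry timestamp (ms)
    this.windows = new Map();        // ip -> { start, count }
  }

  // Returns { allowed, reason } for one request from `ip` at time `now` (ms).
  check(ip, now) {
    // Step 2 of the hack: consult the block list before any counting.
    const expiry = this.blockedUntil.get(ip);
    if (expiry !== undefined) {
      if (now < expiry) return { allowed: false, reason: 'blocked' };
      this.blockedUntil.delete(ip);  // block expired, forget the entry
    }

    // Fixed-window counter, standing in for the quota policy.
    let w = this.windows.get(ip);
    if (!w || now - w.start >= WINDOW_MS) {
      w = { start: now, count: 0 };
      this.windows.set(ip, w);
    }
    w.count += 1;

    // Step 1 of the hack: on violation, store the IP with its expiry time.
    if (w.count > LIMIT) {
      this.blockedUntil.set(ip, now + BLOCK_MS);
      this.windows.delete(ip);
      return { allowed: false, reason: 'quota-exceeded' };
    }
    return { allowed: true, reason: 'ok' };
  }
}

// Constructed sample: 12 calls, one second apart, from a documentation IP.
function demo() {
  const b = new IpBlocker();
  const out = [];
  for (let i = 0; i < 12; i++) out.push(b.check('203.0.113.7', i * 1000).reason);
  return out;
}
```

The Maps here live in one process only for the simulation; in a proxy the cache / KVM named in the answer takes their place.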

@Anil Sagar @ Google can you please share a sample quota policy based on IP restriction? Thank you

Hi Anil Sagar @ Google, appreciate your response on this solution as I'm also looking for a solution to this IP restriction. Thanks in advance.

What did you try?

Did you look at the Quota documentation? Do you understand how to use the identifier element?

<!-- Counts requests per client IP: 10 allowed in each 1-hour interval -->
<Quota name="QuotaPolicy">
  <Identifier ref="proxy.client.ip"/>
  <Allow count="10"/>
  <Interval>1</Interval>
  <TimeUnit>hour</TimeUnit>
</Quota>

Hi Dino, thanks for the follow up. Yes, I have implemented the identifier using IP. It works. Thanks.