I am using ConcurrentRateLimit policy to protect the target server from bursty requests. Per the documentation (http://docs.apigee.com/api-services/reference/concurrent-rate-limit-policy), I have attached this policy to both Request and Response flows in the Target Endpoint as well as in the DefaultFaultRule section. The documentation says that it is recommended that we place this policy in a DefaultFaultRule. However, this appears to be mandatory requirement because I get a deployment error if I don't.

I also have a set of FaultRules set up to be executed when certain specific non-200 status codes are received in the HTTP response from the target server. Each one of these FaultRules set the status code to 503 and return an appropriate error message in the HTTP response body.

What I observe is that the ConcurrentRateLimit policy which is included as a Step in the DefaultFaultRule encounters an execution error in the event of a non-200 response and this results in the response body content (previously set by a FaultRule) getting wiped out. When the client receives the response, the response body is empty.

Why does this happen. The purpose of including the ConcurrentRateLimit policy as a Step in the DefaultFaultRule is to merely ensure that the rate counters are decremented in the event of a error. But, why does it throw an execution error and affect the response?

I have attached a screenshot of the request-response trace showing the ConcurrentRateLimit policy in an error state. I have also attached a ZIP file with the proxy configurations.

Thanks,

Viji