IP Address based soft lock

sujnana
Participant IV

We have requirement to “soft lock” a particular IP address when there are multiple failures in a span of 15 minutes. That is if 5 failures in a rolling 15 minutes, IP is locked (blocked) for 15 minutes from the first failure in the previous 15 minutes. I think there is no out of box support in Apigee.

I have following approach in my mind.

1. Populate the cache for the first failure with failure count as 1 in Fault flow. Along with failure count we may need to add current time (cache creation time). The cache expiry time is 15 minute (900 seconds). The cache key would be the IP address.

2. Lookup cache in Preflow. If the failure count is 5 then Raise fault.

3. If any failure in current request then do following in fault flow -

a) Increment the count by 1.

b) Calculate new expiry time from using cache creation time. (new cache expiry time = 900 - (current time - cache creation time).

c) Invalidate the cache

d) Populate the cache with latest failure count with new expiry time.

4. Invalidate cache for success response.

We need to calculate new cache expiry time as there no policy available to update existing cache.

Let me know if this is anti pattern or any alternative easy solution available for this requirement.

0 3 197
3 REPLIES 3

are you trying to do ip blacklisting but for a set time limit ?

Yes, block the IP for 15 minutes

sjm2000
Participant V

nice and usefull .

Yes obviously there are other solutions but i cant say its better than you have provided -

1. use npm modules (nodejs).

2. Also i have not tried but i feel you can use conditional qouta policy .

Thanks & Regards

Sujith Matheew