Tags: wso2, wso2-api-manager, rate-limiting, wso2-enterprise-integrator, whitelist

Access Control for API requests is not working in WSO2 APIM 4.1.0


I am trying the rate limiting "allowed IP" operation in WSO2 APIM 4.1.0.

Steps followed:

  • Added a new policy by navigating to Advanced Policies under the Rate Limiting Policies option in the admin portal.

[image: added policy]

  • Added a conditional group by selecting the Specific IP option (in the picture below I have given a dummy value in place of the original IP for security reasons)

[image: specified ip]

  • Engaged the policy with the API in the publisher portal

[image: publisher portal]

Problem:

  • Set Request Count to 5; it allows hitting the API continuously even though the rate limit is exceeded (more than 5 hits).

  • If I provide any invalid IP under the conditional policy, the API is still accessible. I think only the IPs I have provided have access, and the rate limit is applied to that IP.

Kindly clarify on the same.


Solution

  • As suggested above by both @Athiththan and @Wasura Wattearachchi, I have deployed a new revision after applying the policy to the API, which resolves my use case.

    Policy:

    [image: policy]

    [image: invertcondition]

    As depicted in the policy diagram above, 2 requests are allowed from the specific IP by passing X-Forwarded-For in the header section when invoking the API. From the 3rd request onwards it blocks the API call and returns the response below.

    {
        "code": "900802",
        "message": "Message throttled out",
        "description": "You have exceeded your quota .You can access API after 2022-May-22 10:45:00+0000 UTC",
        "nextAccessTime": "2022-May-22 10:45:00+0000 UTC"
    }
    

    Note: if I pass an invalid IP in the header section, at least one API hit happens, which is expected behavior in the APIM Gateway.
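One way to confirm that the policy is enforced after deploying the new revision is to record the response bodies from a test run and check them against the configured quota. The following is an added example, not part of the original post or WSO2's own code; the function names and the non-throttled sample body are assumptions, and the throttled body is the one shown above.

```python
import json
from datetime import datetime, timezone

THROTTLED_CODE = "900802"  # "Message throttled out", as in the response above
# Layout of nextAccessTime as shown above, e.g. "2022-May-22 10:45:00+0000 UTC".
# %b assumes English month abbreviations (the default C locale).
NEXT_ACCESS_FORMAT = "%Y-%b-%d %H:%M:%S%z UTC"


def _load(body):
    """Parse a response body; return a dict, or None if it is not a JSON object."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return None
    return doc if isinstance(doc, dict) else None


def is_throttled(body):
    """True if the body is the gateway's throttled-out error."""
    doc = _load(body)
    return doc is not None and str(doc.get("code")) == THROTTLED_CODE


def next_access(body):
    """Return nextAccessTime as a timezone-aware datetime, or None."""
    doc = _load(body)
    if doc is None or "nextAccessTime" not in doc:
        return None
    return datetime.strptime(doc["nextAccessTime"], NEXT_ACCESS_FORMAT)


def check_enforcement(bodies, quota):
    """Expect the first `quota` responses to pass and every later one to be
    throttled. Returns (ok, index of the first response that disagrees)."""
    for i, body in enumerate(bodies):
        if is_throttled(body) != (i >= quota):
            return False, i
    return True, None


# Constructed sample data: OK is a made-up success body, THROTTLED is the
# response from the post.
OK = '{"result": "ok"}'
THROTTLED = json.dumps({
    "code": "900802",
    "message": "Message throttled out",
    "nextAccessTime": "2022-May-22 10:45:00+0000 UTC",
})

if __name__ == "__main__":
    print(check_enforcement([OK, OK, THROTTLED, THROTTLED], quota=2))
    print(check_enforcement([OK] * 5, quota=2))  # policy not taking effect
    print(next_access(THROTTLED))
```

A result of `(False, 2)` on the second call corresponds to the symptom in the question: the third request passed even though the quota was 2.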