Idea Details

Rate Limit: Prorated Throttle and Transaction level Logs

Last activity 05-27-2020 12:44 AM
Durga Sainath Munjeti's profile image
05-04-2020 10:52 AM

In recent days, we started working to explore rate limit functionality and configuration to protect services from BOT/DDOD attacks and learned from Support these are some limitations to implement the solution;

  • The current ratelimit is not capable of prorated request throttling - Its a good to have feature to limit transactions based on some specific inputs within X time (~10 mins/25 mins) based request count(allow only ~1000 requests in ~600ms for input header value XX )
  • The current ratelimit not capturing failure/throttled reasons at transaction/policy Level - In current releases, the logs only pushing to SSG logs and we are looking to read rate limit throttle issue at policy level to capture at transaction level


Comments

05-27-2020 12:44 AM

A client log of a specific type could be dropped because of throttles for that type in either of the above two sets mycfavisit.