IBM Integration Community Come for answers. Stay for best practices. All we’re missing is you. Join / Log in Ask a question
Can we remove "X-RateLimit-Limit" and "X-RateLimit_Remaining" from response headers ? If yes please guide, Because I have tried using gatewayscript,Set Variable and by suppressing the headers from DataPower but unable to remove.
Hi Pawan,What you're running into is when these headers are added to your response headers in relation to your assembly rule. As you've found out, the headers are being added after your assembly rule completes processing, so your attempts within your API assembly are not working. What type of Gateway are you using? For a v5 compatible gateway, a post-response or post-error gateway extension would be your only option. I've not tried this with the API Gateway to determine if a post-response or post-error global policy would be executed after these headers are added so you could subsequently remove them, but that is the only solution I can think of that MIGHT work. I'll need to ask around or do a prototype before I can give a definitive answer.Best Regards,Steve
From discussions I've had with other developers, this can only be done with a post response global policy and only within the finally clause of the global policy. The finally clause is only supported starting at DataPower 10.5.0.x, so if you're using API Connect/DataPower versions 10.0.1.x you'll need to upgrade both API Connect and DataPower.
Hi Mahima,This has been reported by other customers, and a fix will be delivered in the next DataPower fixpack 10.5.0.9 which is in final testing and should be available in the not too distant future (a week or so if all goes well). If you can be patient, I'd get that fix pack when it is available. Also, I must correct my previous post where the update to the headers must be in the post-error global policy's finally rule, NOT the post-response that I had incorrectly stated before. The issue is the global finally, where the post-error finally policies deploy, by default has an action called an API Result action, and the post-error was adding the policies from the global error policy BEFORE the API Result action, but it is this API Results action that fills in the CORS and Rate Limit headers. The fix properly keeps the API Result action first and adds the global policy actions after the API Results action so the subsequent global policy processing will change what is returned to the end user.Best Regards,Steve Linn
------------------------------Mahima AnnagiriOriginal Message:Sent: Mon October 02, 2023 09:41 AMFrom: Steve LinnSubject: Need to remove the particular response headers
Hello @Steve Linn,
Thanks for the reply. We will try to update when the changes are available. But post error global policy can only contain catch & finally policy, that would mean we will have to create a catch policy even though we do not have a requirement to catch any error globally. For removing the ratelimit headers, post error global policy does not seem to be ideal spot.
Hi Mahima,10.5.0.9 was made available Friday 12/08. See https://www.ibm.com/support/pages/node/6607653?myns=swgother&mynp=OCSS9H2Y&mync=E&cm_sp=swgother-_-OCSS9H2Y-_-E As for your question, the post-error global policy is really from a DataPower perspective is executed at the end of all transaction processing, so yes, it may seem an odd place, but as part of the default post transaction finally processing is where the rate-limit and CORS headers are added, so your post-error finally will be where you can remove what the default post transaction processing added.Best Regards,Steve
Hi @Steve Linn
Fantastic thread - detailed and knowledgeable answers. Thank you SO much.. We have been pulled around by support and developers for a few weeks now, where we needed to remove some response headers (and some mirrored input headers). We have been old that it was possible using the normal post assembly. But we could not get it working - and have been sending information to them in a continuous stream, he he..This explains a lot and suddenly all our frustrations make sense, he he.. We are on API Connect 10.0.5.5 meaning Datapower 10.5.0.7 from much earlier last year.. I guess we will wait for the latest fixes to be available in API Connect as well - and find a workaround until then..
Hi All, I wanted to add one additional point about the post-error finally handling. This is for actual API traffic only (ie, HTTP GET, POST, etc). If an OPTIONS request is sent to handle CORS only, this skips the assembly processing and thus there is no post-response/post-error processing that can catch anything to modify any response headers. This is by design. My apologies if there was any confusion on this point.Best Regards,
Removing the X rate limit and the X rate limit remaining requires careful handling. In DataPower, utilize the GatewayScript to access response headers. Implement code to delete specified headers