IBM Verify


 WebSEAL Rate Limiting - Protecting flooding requests - understanding and examples

Leandro Hobo posted Fri April 11, 2025 09:02 AM

Hi everyone,

We would like to know how to configure WebSEAL rate limiting to control throughput from some networks, in combination with some accounts or groups.


The idea is to prevent flooding requests from some service account bots coming from specific networks here.


For example: we want to prevent floods of requests coming from network 10.58.80.1/24 and from accounts AAAAAAAAAA, BBBBBBB, CCCCC*, *ZZZZZZZZ*, or users from group GGGGGGG, when a throttling limit is reached.

Is there a way to handle these situations?

And just to understand the functionality... Suppose we set a rate limit of 50 requests per minute for a user.
 
If one user reaches this rate limit, will other users also receive a 429 error, or only the user who exceeds the rate of 50 requests per minute?

Any hints would be much appreciated.

Regards. 

Leandro

Tushar Prasad

Hi,

WebSEAL (IVIA reverse proxy) has two capabilities:

1. Via its native rate limiting

https://www.ibm.com/docs/en/sva/11.0.0?topic=configuration-rate-limiting

2. Via ModSecurity - rich in capabilities

An example is here, and there are a lot of examples of how to do the above:

https://community.ibm.com/community/user/blogs/yutaka-kanemoto/2024/01/14/how-ibm-security-verify-access-makes-use-of-waf