Global Security Forum

 View Only
  • 1.  [ISVA] rate limiting by virtual host

    Posted Mon February 19, 2024 01:01 PM


    Is it possible to create a rate limiting policy that applies only to a specific vital junction of a reverse proxy?

    In , it seems it is possible to filter only on path or method:

    # from the current documentation:
    resources: - url: /pkmslogin.form method: - POST

    but I would like to be able to do something like that:

    # nice to have
      - url: "*"
          - method: "*"

    Thanks for your help

    Stéphane MASSON

  • 2.  RE: [ISVA] rate limiting by virtual host

    Posted Tue February 20, 2024 02:01 AM


    Unfortunately it is not currently possible to match a request on the host header - you can only match a request on a URI and method.  This means that you cannot currently match requests on a per virtual host junction basis.

    I'm sorry that I don't have better news.  If this is important to you I would suggest that you raise a requirement against the product.


    Scott Exton.

    Scott Exton
    Gold Coast

  • 3.  RE: [ISVA] rate limiting by virtual host

    Posted Wed February 21, 2024 01:43 AM

    Hello Scott,

    Can we solve it using DynURL? I have never test it with rate limit, just an assumption.

    Janos Laszlo Horvath

  • 4.  RE: [ISVA] rate limiting by virtual host

    Posted Wed February 21, 2024 03:53 PM



    Unfortunately you cannot solve this using DynURL.  The rate limiting occurs very early in the processing of a request – where-as DynURL occurs much later.



    Scott A. Exton
    Senior Software Engineer
    Chief Programmer - IBM Security Verify Access

    IBM Master Inventor

    cid4122760825*<a href=image002.png@01D85F83.85516C50">




  • 5.  RE: [ISVA] rate limiting by virtual host

    Posted Thu February 22, 2024 01:27 AM


    Thanks for your messages.

    We were thinking about using API Access Control ( to implement that.

    We will test it and keep you posted.

    Stéphane MASSON