Global Security Forum

Hello,

Is it possible to create a rate limiting policy that applies only to a specific vital junction of a reverse proxy?

In https://www.ibm.com/docs/en/sva/10.0.7?topic=limiting-rate-policy-files , it seems it is possible to filter only on path or method:

# from the current documentation:
resources:  - url: /pkmslogin.form    method:      - POST

but I would like to be able to do something like that:

# nice to haveresources:  - url: "https://vhost1.example.org/*"    method:      - method: "*"

Thanks for your help

Stéphane,

Unfortunately it is not currently possible to match a request on the host header - you can only match a request on a URI and method.  This means that you cannot currently match requests on a per virtual host junction basis.

I'm sorry that I don't have better news.  If this is important to you I would suggest that you raise a requirement against the product.

Thanks,

Scott Exton.

Hello,

Is it possible to create a rate limiting policy that applies only to a specific vital junction of a reverse proxy?

In https://www.ibm.com/docs/en/sva/10.0.7?topic=limiting-rate-policy-files , it seems it is possible to filter only on path or method:

# from the current documentation:
resources:  - url: /pkmslogin.form    method:      - POST

but I would like to be able to do something like that:

# nice to haveresources:  - url: "https://vhost1.example.org/*"    method:      - method: "*"

Thanks for your help

Hello Scott,

Can we solve it using DynURL? I have never test it with rate limit, just an assumption.

Stéphane,

Unfortunately it is not currently possible to match a request on the host header - you can only match a request on a URI and method.  This means that you cannot currently match requests on a per virtual host junction basis.

I'm sorry that I don't have better news.  If this is important to you I would suggest that you raise a requirement against the product.

Thanks,

Scott Exton.

Hello,

Is it possible to create a rate limiting policy that applies only to a specific vital junction of a reverse proxy?

In https://www.ibm.com/docs/en/sva/10.0.7?topic=limiting-rate-policy-files , it seems it is possible to filter only on path or method:

# from the current documentation:
resources:  - url: /pkmslogin.form    method:      - POST

but I would like to be able to do something like that:

# nice to haveresources:  - url: "https://vhost1.example.org/*"    method:      - method: "*"

Thanks for your help

Hello Scott,

Can we solve it using DynURL? I have never test it with rate limit, just an assumption.

Stéphane,

Unfortunately it is not currently possible to match a request on the host header - you can only match a request on a URI and method.  This means that you cannot currently match requests on a per virtual host junction basis.

I'm sorry that I don't have better news.  If this is important to you I would suggest that you raise a requirement against the product.

Thanks,

Scott Exton.

Hello,

Is it possible to create a rate limiting policy that applies only to a specific vital junction of a reverse proxy?

In https://www.ibm.com/docs/en/sva/10.0.7?topic=limiting-rate-policy-files , it seems it is possible to filter only on path or method:

# from the current documentation:
resources:  - url: /pkmslogin.form    method:      - POST

but I would like to be able to do something like that:

# nice to haveresources:  - url: "https://vhost1.example.org/*"    method:      - method: "*"

Thanks for your help