Manual Chapter : Creating a rate limiting configuration

Applies To:

Show Versions Show Versions

BIG-IP APM

  • 15.0.0
Manual Chapter

Creating a rate limiting configuration

You develop rate limiting configurations within an API protection profile so you need to have created a profile, and specified keys with key values to classify requests.
To be able to configure multiple usage plans for different user and client groups, you can create rate limiting configurations to assign quotas and spike arrest limits based on identity keys. You can enforce the configurations for the whole API protection profile or for each method or path. To do this, you associate one or more rate limiting configurations with an API Rate Limiting agent in the API protection per-request policy.
  1. On the Main tab, click
    Access
    API Protection
    Profile
    .
  2. Click the name of the API protection profile for which you are configuring rate limiting.
  3. On the Rate Limiting tab, in the Rate Limiting section, click
    Create
    .
    The Rate Limiting Properties section opens where you define the rate limiting configuration.
  4. For
    Name
    , type a unique name for the rate limiting configuration.
    For example, you could name the configurations
    PersonalQuota
    and
    DepartmentQuota
    to establish different quotas for each employee and an entire department.
  5. For
    Keys
    , move the key (or keys) to which this configuration applies to the
    Selected Keys
    list.
  6. For
    Request Quota
    , select
    Enable
    and type the number of requests to allow for 1 - 60 minutes (default is 1 minute) for this API protection profile.
    In the per-request policy, requests over the quota are sent to the fallback branch.
  7. For
    Spike Arrest
    , select
    Enable
    and type the number of requests to allow for 1 - 60 seconds (default is 10 seconds) for this API protection profile.
    In the per-request policy, requests over the spike arrest limit are sent to the fallback branch.
  8. Click
    Add
    .
  9. When you are done developing rating limiting configurations, at the bottom of the screen, click
    Save
    .
You have established quotas and spike arrest limits in a rate limiting configuration that can be assigned to an API Rate Limiting agent created in an API protection per-request policy.
Next, you can create blacklists and whitelists to allow or deny certain API requests.