API rate limiting is a common use case for Forum Sentry. Limiting the number of requests allowed for a specific client or user - and taking a custom action when the defined limit is hit - is supported through the Intrusion Detection and Prevention (IDP) Rule "Maximum Document Count".
- This rule can be configured for X number of documents per second, minute, hour, or day.
- The enforcement for this rule can be applied by IP, user, user group, or some other arbitrary value that uniquely identifies the client.
- The IDP rule can be set globally, set on individual policies, or set on operations within policies.
- The rate limiting count can be shared across multiple Sentry instances configured in an active/active HA pair through IDP Clustering.
- When the rule is triggered, different actions can be taken including: block, throttle (allow a specific %), pass and alert, etc. Various alerts can also be configured. The action and alerts are defined within the IDP Action associated to the IDP Rule.
- IDP rules can be enabled / disabled automatically via IDP Schedules.
- Sentry can limit (block) for many other reasons including source IP, username, size, schema validation failure, etc.
See the attached IDP Rules Guide for more info and contact Forum Systems Support for assistance with your use case.
Related Screen Shots: