Specifies the maximum number of requests allowed to access this application from the same session within a configured period (in seconds).
The request frequency filter is based on a statistical function that efficiently approximates the real request frequency with a low variance. The variance may be noticeable during testing, but the request frequency filter should give satisfying results for productive scenarios.
When the request threshold is reached, the requests will be blocked with HTTP response status code 503
(instead of 400
).
The log message will be accordingly:
WR-SG-BLOCK-162, "Request frequency per session restriction (number ...): Maximum number of allowed requests (...) within ... seconds for exceeded". attack_type: Overload, block_type: Overload Thresholds, constraint: Threshold