Section – Overload Prevention

Specifies the maximum number of requests allowed to access this application from the same session within a configured period (in seconds).
The request frequency filter is based on a statistical function that efficiently approximates the real request frequency with a low variance. The variance may be noticeable during testing, but the request frequency filter should give satisfactory results in production scenarios.

When the request threshold is reached, the requests will be blocked with HTTP response status code 503 (instead of 400).

The corresponding log message is:

WR-SG-BLOCK-162, "Request frequency per session restriction (number ...): Maximum number of allowed requests (...) within ... seconds for exceeded". attack_type: Overload, block_type: Overload Thresholds, constraint: Threshold

Log only

Enables/disables the log-only mode. When ticked, Overload Prevention only writes log entries instead of blocking requests.

Source IP address exception

Reference to an IP list that acts as an allow list. All source IPs matching this list will be excluded from the request limit per session restriction.

Request frequency restrictions per session

Value: Description

Enabled: Green dot (ON) = enabled; gray dot (OFF) = disabled.

Path pattern: A pattern matching the request path. It may optionally contain an entry or back-end path variable for static mappings (e.g. ^%ENTRYDIR%/). For more information and examples, see article Entry path as Directory or Regular expression.

Max requests per interval: Maximum requests that are allowed per session.

Interval (seconds): Interval for measurement of allowed requests per session.

The processing order is important because the first matching rule will be applied.
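The effect of first-match processing, log-only mode and the source IP exception can be checked with a small model. This is an added example, not the product's code: it uses an exact sliding window instead of the statistical approximation described above. The paths, limits, IP addresses and the per-rule counter are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque

class Rule:
    """One row of the table: path pattern, max requests, interval (s), enabled."""
    def __init__(self, pattern, max_requests, interval, enabled=True):
        self.pattern = re.compile(pattern)
        self.max_requests, self.interval, self.enabled = max_requests, interval, enabled

class OverloadModel:
    """Toy model (assumption): one exact sliding window per (session, rule)."""
    def __init__(self, rules, allow_list=(), log_only=False):
        self.rules = list(rules)                  # list order = processing order
        self.allow = [ipaddress.ip_network(n) for n in allow_list]
        self.log_only = log_only
        self.hits = defaultdict(deque)            # (session, rule index) -> timestamps

    def first_match(self, path):
        # Only the first enabled rule whose pattern matches is applied.
        for i, rule in enumerate(self.rules):
            if rule.enabled and rule.pattern.search(path):
                return i
        return None

    def handle(self, session, src_ip, path, now):
        """Return (status, rule index): 200 = passed, 503 = blocked."""
        if any(ipaddress.ip_address(src_ip) in net for net in self.allow):
            return 200, None                      # source IP exception
        i = self.first_match(path)
        if i is None:
            return 200, None
        rule, q = self.rules[i], self.hits[(session, i)]
        while q and q[0] <= now - rule.interval:  # drop hits older than the interval
            q.popleft()
        q.append(now)                             # blocked requests also count (assumption)
        if len(q) > rule.max_requests and not self.log_only:
            return 503, i
        return 200, i                             # within limit, or log-only mode

def run(rules, n=10, **kw):
    """Send n requests to /app/login from one session, 100 ms apart (constructed)."""
    m = OverloadModel(rules, **kw)
    return [m.handle("s1", "203.0.113.7", "/app/login", t * 0.1)[0] for t in range(n)]

# Constructed rules: a broad rule and a strict rule for the login path.
BROAD = Rule(r"^/app/", 100, 60)
LOGIN = Rule(r"^/app/login", 3, 60)

if __name__ == "__main__":
    print(run([BROAD, LOGIN]), run([LOGIN, BROAD]), sep="\n")
```

With the broad rule listed first, the strict login rule is never evaluated and all ten requests pass; with the strict rule first, the fourth and later requests return 503.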