2

I'm looking at the rate limiting on Incapsula, which limits requests etc. based on per minute.

Rate >= {api-rate;4}

Is there a way to rate limit based on per second? So if an ip exceeds 1 request per second, then block it.

Cheers

neuro
  • 14,948
  • 3
  • 36
  • 59
chris c
  • 321
  • 2
  • 14

1 Answers1

2

The rate is in sliding window of 1 minute calculated every second, therefore you ca use: Rate >= {api-rate;60}

Dima
  • 36
  • 2
  • Hmm the only problem here is that the rule won't take effect immediately, but rather after 60 seconds. I was hoping for it to work after a few seconds. – chris c Aug 07 '18 at 03:41
  • This is not correct, as rate is calculated every second, once 60 requests passed (even in 1 second), it will trigger. – Dima Aug 09 '18 at 14:22
  • You can now create custom rate rules with a counter value between 10 and 300 seconds. https://docs.imperva.com/bundle/cloud-application-security/page/rules/rates.htm – k1DBLITZ Jun 13 '19 at 14:41