Hi,

We have a scenario where in a span of 1-2 seconds, we get a spike of incoming requests on our API, which are essentially duplicates (our definition of duplicates is the same correlationId on the request header).

I tried to fix this by creating a spike arrest policy which uses request.header.correlationId as identifier and:

<Rate>1ps</Rate>
<UseEffectiveCount>true</UseEffectiveCount>

But, this is not working as expected - it seems that by the time the spike arrest policy arrests the spike, about 10-11 duplicate requests are already through. (I even removed the identifier from the policy to make it more generic, but the same behaviour is exhibited)

What we want here is an effective policy that does not allow more than 1 request per second, based on a certain identifier.

If someone can suggest anything, it will be greatly appreciated.