This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Cloud Armor - multiple rate limiters in a single Security Policy

Posted on 11-04-2024 11:47 AM
sokol8
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Hi everyone,

I would like to have several rate limiters that would operate on different time-horizons.

For example:

1) RateLimiter1 will allow a user (ip-address + path pair) make max 10 requests per minute and ban the user for an hour in case of threshold violation.

2) RateLimiter2 will allow a user (ip-address + path pair) make max 100 requests per 24 hours and ban the user for an hour in case of threshold violation.

I can add multiple Rate Limiters to Cloud Armor but it looks like I cannot make them work properly together.

Rate Limiter 1 will either DENY request or ALLOW request to pass through.

When RateLimiter1 make decision to ALLOW request to pass through, the request will never reach RateLimiter2 for evaluation.

My main question is: is it even possible to make Cloud Armor Rate Limiters work like that? Are other non-Google WAFs allow anything like that?

Thanks!

0 7 1,008
Topic Labels
0 Likes
7 REPLIES 7
Top Labels in this Space
Top Solution Authors
View all