Custom rate-limiting policy for OSB services by Hugo Hendriks
A rate-limiting policy is a policy you can configure so that certain clients can only make a certain number of calls on your service. For example, you can make it SLA based. Another benefit is that you can prevent clients from flooding your service with requests, which can overload a backend system. This could be accidental or it might be on purpose (DDoS attack). Most API platforms like Mulesoft, Dell Boomi and Oracle API Platform Cloud Service have these out of the box, but the On-Prem version of SOA Suite doesn’t come with such a policy. Time to make one of our own.
In a previous post, I created a policy which could send data to an Elastic stack. See here. Again we are going to create a custom policy, this time to check that a certain type of IP isn’t making too many calls within 1 minute.
I am going to re-use the BaseAssertionExecutor from last time and make a new implementation. I am going to make the number of calls configurable, so every unique IP can make a certain number of calls per minute. For easy testing purposes, my default is 10. See here the code for my RateLimitingAssertionExecutor: Read the complete article here.
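One way to implement the per-IP counting described above, as an added example that is not the author's RateLimitingAssertionExecutor and uses no OWSM or OSB API. The class `PerIpRateLimiter`, its methods, the fixed one-minute window and the sample IP addresses are assumptions made for illustration.

```java
import java.util.concurrent.ConcurrentHashMap;

// Added illustration: fixed one-minute window counter per client IP.
// PerIpRateLimiter, allow() and evictExpired() are hypothetical names, not OWSM or OSB APIs.
public class PerIpRateLimiter {
    private static final long WINDOW_MS = 60_000L;

    // Window start time and call count for one client IP (immutable, replaced on each call).
    private static final class Window {
        final long start;
        final int count;
        Window(long start, int count) { this.start = start; this.count = count; }
    }

    private final int maxCallsPerMinute;
    private final ConcurrentHashMap<String, Window> windows = new ConcurrentHashMap<>();

    public PerIpRateLimiter(int maxCallsPerMinute) {
        this.maxCallsPerMinute = maxCallsPerMinute;
    }

    // Returns true if the call is within the limit, false if it should be rejected.
    public boolean allow(String clientIp, long nowMs) {
        // compute() is atomic per key, so concurrent calls from one IP are counted correctly.
        Window w = windows.compute(clientIp, (ip, old) -> {
            if (old == null || nowMs - old.start >= WINDOW_MS) {
                return new Window(nowMs, 1); // first call of a new window
            }
            // Cap the stored count so a sustained flood cannot overflow the int.
            return new Window(old.start, Math.min(old.count + 1, maxCallsPerMinute + 1));
        });
        return w.count <= maxCallsPerMinute;
    }

    // Drop expired windows so the map does not grow with every IP ever seen.
    public void evictExpired(long nowMs) {
        windows.values().removeIf(w -> nowMs - w.start >= WINDOW_MS);
    }

    public static void main(String[] args) {
        PerIpRateLimiter limiter = new PerIpRateLimiter(10); // the post's default of 10
        long t0 = 0L;                                        // constructed timestamps
        for (int i = 1; i <= 12; i++) {
            System.out.println("192.0.2.10 call " + i + " allowed=" + limiter.allow("192.0.2.10", t0 + i));
        }
        System.out.println("other IP allowed=" + limiter.allow("192.0.2.20", t0 + 13));
        System.out.println("next window allowed=" + limiter.allow("192.0.2.10", t0 + 1 + WINDOW_MS));
        limiter.evictExpired(t0 + 2 * WINDOW_MS);
    }
}
```

The counters live in one JVM's memory, so each managed server in a cluster enforces the limit separately.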