@Amoghavarsh Patil Thanks for reaching out. Please verify the X-Forwarded header. For example, the "X-Forwarded-For" header might look like this: X-Forwarded-For: 203.0.113.1, 198.51.100.2, 192.0.2.3
If you see the above pattern, you can try adding the policy below:
<inbound>
    <base />
    <!-- Save the X-Forwarded-For value -->
    <set-variable name="originalXForwardedForValue" value="@{
        string ipAddress = context.Request.Headers.GetValueOrDefault("x-forwarded-for","");
        if (!string.IsNullOrEmpty(ipAddress))
        {
            string[] tokens = ipAddress.Split(',');
            ipAddress = tokens[0];
        }
        return ipAddress;
    }" />
    <rate-limit-by-key calls="5" renewal-period="60"
        counter-key="@((string)context.Variables["originalXForwardedForValue"])"
        increment-condition="@(context.Response.StatusCode == 200)"
        remaining-calls-variable-name="remainingCallsPerIP" />
</inbound>
This policy applies rate limiting based on the IP address of the client that initiated the request; in this case the IP address would be 203.0.113.1.
Please try it and let me know if it works.
Please accept as Yes if the answer provided is useful, so that you can help others in the community looking for remediation for similar issues.
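
A variant of the policy above, added here as an example and not part of the original answer: proxies append to X-Forwarded-For, so entries to the left of the one written by your outermost trusted proxy are whatever the caller sent, and a request with no header at all would otherwise be counted under an empty key. The variable name `rateLimitKey`, the `trustedHops` value, and the topology (one proxy you operate in front of API Management, appending the peer address it saw) are assumptions to adjust for your deployment.

```xml
<inbound>
    <base />
    <!-- Added example. Assumption: trustedHops proxies that you operate sit in
         front of API Management and each appends the peer address it saw. -->
    <set-variable name="rateLimitKey" value="@{
        /* Assumed topology: one trusted proxy in front of the gateway. */
        int trustedHops = 1;
        string header = context.Request.Headers.GetValueOrDefault("X-Forwarded-For", "");
        string[] tokens = header.Split(',');

        /* Count from the right: this is the entry written by the outermost
           trusted proxy. Anything before it came in with the request. */
        int index = tokens.Length - trustedHops;
        string candidate = index >= 0 ? tokens[index].Trim() : "";

        /* Header missing or shorter than expected: key on the connecting
           address so these requests do not all share the empty key. */
        return string.IsNullOrEmpty(candidate) ? context.Request.IpAddress : candidate;
    }" />
    <rate-limit-by-key calls="5" renewal-period="60"
        counter-key="@((string)context.Variables["rateLimitKey"])"
        increment-condition="@(context.Response.StatusCode == 200)"
        remaining-calls-variable-name="remainingCallsPerIP" />
</inbound>
```

With the sample header from the answer and `trustedHops` set to 1, the key is 192.0.2.3; set `trustedHops` to the number of proxies you control so the key is the address your outermost proxy observed.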