Azure APIM Rate limiting for IP address

Amoghavarsh Patil 40 Reputation points
2024-04-30T09:45:37.92+00:00

Hi All,

I am trying to set a rate limit based on IP address. I found the below one, but this is not working in my case since I have App Gateway, and APIM is receiving the App Gateway backend IP as the IP address. Is there any way I can get the IP address from App Gateway and set rate limiting?

I checked X-Forwarded-For; even after trying that, the IP address remains the same in APIM.

I also tried to restrict with a rate limit in App Gateway, but it shows 403 Forbidden instead of 429 rate limit exceeded.

 

Azure API Management

Accepted answer
  1. JananiRamesh-MSFT 21,966 Reputation points
    2024-04-30T12:48:13.55+00:00

    @Amoghavarsh Patil Thanks for reaching out. Please verify the X-Forwarded-For header. For example, the "X-Forwarded-For" header might look like this: X-Forwarded-For: 203.0.113.1, 198.51.100.2, 192.0.2.3

    If you see the above pattern, you can try adding the below policy:

        <inbound>
            <base />
            <!-- Save the X-Forwarded-For value -->
            <set-variable name="originalXForwardedForValue" value="@{
                string ipAddress = context.Request.Headers.GetValueOrDefault("x-forwarded-for","");
                if (!string.IsNullOrEmpty(ipAddress))
                {
                    string[] tokens = ipAddress.Split(',');
                    ipAddress = tokens[0];
                }
                return ipAddress;
            }" />
            <rate-limit-by-key calls="5" renewal-period="60"
                counter-key="@((string)context.Variables["originalXForwardedForValue"])"
                increment-condition="@(context.Response.StatusCode == 200)"
                remaining-calls-variable-name="remainingCallsPerIP" />
        </inbound>
    
    

    This policy applies rate limiting based on the IP address of the client that initiated the request; in this case the IP address would be 203.0.113.1.

    Please try it and let me know if it works.

    Please accept as Yes if the answer provided is useful, so that you can help others in the community looking for remediation for similar issues.
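
The policy above uses the first X-Forwarded-For entry as the counter key, and that entry is whatever value arrived in the request. The following Python model is an added example, not part of the answer or of any Azure code; it compares that key with one taken from the entry appended by the proxy in front of APIM. The function names, the `10.0.1.0/24` gateway subnet and the sample headers are assumptions constructed for illustration, as is the premise that the proxy appends the address it saw as the last entry, possibly in `IP:port` form.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not from the thread.
TRUSTED_PROXIES = ["10.0.1.0/24"]                      # assumed App Gateway subnet
XFF_PLAIN = "203.0.113.1:50123"                        # gateway appended the caller
XFF_PREFILLED = "198.51.100.7, 203.0.113.1:50124"      # caller sent its own header first


def parse_hop(token):
    """Return the IP address in one header entry without its port, or None."""
    token = token.strip()
    if token.startswith("["):                          # "[2001:db8::1]:443"
        token = token[1:].split("]", 1)[0]
    elif token.count(":") == 1:                        # "203.0.113.1:50123"
        token = token.split(":", 1)[0]
    try:
        return str(ipaddress.ip_address(token))
    except ValueError:
        return None


def is_trusted(ip, trusted):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in trusted)


def leftmost_key(xff):
    """Counter key as the policy above computes it: tokens[0], unmodified."""
    return xff.split(",")[0]


def gateway_key(xff, peer_ip, trusted=TRUSTED_PROXIES):
    """Counter key taken from the entry the trusted proxy appended."""
    if not is_trusted(peer_ip, trusted):
        return peer_ip                                 # direct caller: ignore the header
    for token in reversed(xff.split(",")):
        ip = parse_hop(token)
        if ip is None:
            break                                      # malformed entry: fall back
        if not is_trusted(ip, trusted):
            return ip                                  # first hop we do not operate
    return peer_ip


if __name__ == "__main__":
    for xff in (XFF_PLAIN, XFF_PREFILLED):
        print(repr(leftmost_key(xff)), "vs", repr(gateway_key(xff, "10.0.1.4")))
```

With the constructed headers, the leftmost key changes with the port and with any value the caller sends, while the gateway-derived key stays `203.0.113.1` for both requests.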
