question

Jit-7359 avatar image
0 Votes"
Jit-7359 asked PramodValavala-MSFT answered

How to set rate limit for all access except from some IP address in Azure API Management

Hello,

I would like to limit API access in Azure API management from public IP addresses by setting the rate limit rule for those accesses (eg. 10 times per minute per IP address) to prevent some brute force action.

But I need to allow access for some authorized IP addresses that will be able to get unlimited access to our API.

I found that we can set rate limits for all IP addresses or allow only specific IP addresses to access our system. But, how can I configure rules for my situation?

Let's me show you an example for more clarification

I want to allow IP 123.123.55.99 to access my API without any limitation

but need to limit any access from all over the world to only 10 times per minute per IP address.

Is it possible to configure rules like this?

Any answer would be greatly appreciated.

Thanks in advance


azure-api-management
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

PramodValavala-MSFT avatar image
1 Vote"
PramodValavala-MSFT answered

@Jit-7359 You could leverage the choose policy to validate the context.Request.IpAddress value against your list of authorized IP addresses and if the incoming request is not from one of them, enforce the rate limit.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.