WSO2 EI 6.6.0 Throttle Mediator 在达到 maxcount 时不会阻止 api 请求
WSO2 EI 6.6.0 Throttle Mediator not blocking api request if it reaches maxcount
我正在尝试在 WSO2 EI 6.6.0 中实施 throttle mediator 以允许某些 IP。即使将 throttle:MaximumCount 添加为 5,当命中数超过我在 throttle:UnitTime
中定义的特定持续时间内设置的次数时,它仍允许我连续命中 api
API代码:
<?xml version="1.0" encoding="UTF-8"?>
<api context="/throttleapi" name="ThrottleAPI" xmlns="http://ws.apache.org/ns/synapse">
<resource methods="POST">
<inSequence>
<log description="welcomelog" level="custom">
<property name="ThrottleAPI" value="is called*******"/>
</log>
<log level="custom">
<property expression="$axis2:REMOTE_ADDR" name="****REMOTE_ADDR" xmlns:ns="http://org.apache.synapse/xsd"/>
<property expression="$axis2:REMOTE_HOST" name="****REMOTE_HOST" xmlns:ns="http://org.apache.synapse/xsd"/>
</log>
<throttle id="myThrottle" onAccept="acceptSequence" onReject="rejectSequence">
<policy>
<wsp:Policy wsu:id="WSO2MediatorThrottlingPolicy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<throttle:MediatorThrottleAssertion xmlns:throttle="http://www.wso2.org/products/wso2commons/throttle">
<throttle:MaximumConcurrentAccess>0</throttle:MaximumConcurrentAccess>
<wsp:Policy>
<throttle:ID throttle:type="IP">192.168.x.x - 192.168.x.x</throttle:ID>
<wsp:Policy>
<throttle:Control>
<wsp:Policy>
<throttle:MaximumCount>5</throttle:MaximumCount>
<throttle:UnitTime>60000</throttle:UnitTime>
<throttle:ProhibitTimePeriod>6000</throttle:ProhibitTimePeriod>
</wsp:Policy>
</throttle:Control>
</wsp:Policy>
</wsp:Policy>
</throttle:MediatorThrottleAssertion>
</wsp:Policy>
</policy>
</throttle>
</inSequence>
<outSequence/>
<faultSequence/>
</resource>
</api>
接受顺序:
<?xml version="1.0" encoding="UTF-8"?>
<sequence name="acceptSequence" trace="disable" xmlns="http://ws.apache.org/ns/synapse">
<log description="acceptSequencelog" level="custom">
<property name="acceptSequence" value="is called*******"/>
</log>
<log level="custom">
<property name="text" value="**Access Granted**"/>
</log>
<payloadFactory media-type="xml">
<format>
<status>OK</status>
</format>
<args/>
</payloadFactory>
<respond/>
</sequence>
拒绝序列:
<?xml version="1.0" encoding="UTF-8"?>
<sequence name="rejectSequence" trace="disable" xmlns="http://ws.apache.org/ns/synapse">
<log description="acceptSequencelog" level="custom">
<property name="rejectSequence" value="is called*******"/>
</log>
<log level="custom">
<property name="text" value="**Access Denied**"/>
</log>
<property name="HTTP_SC"
value="401"
scope="axis2"
type="STRING"
description="HTTP_SC_401"/>
<property name="RESPONSE"
value="true"
scope="default"
type="STRING"
description="RESPONSE"/>
<respond/>
</sequence>
谁能告诉我为什么 throttle:MaximumCount 功能不起作用?为什么它总是允许我 access/hit api?
另一个查询:
我在 docker 容器中部署了相同的 API,注意到 $axis2:REMOTE_ADDR 记录了 returns 一些 IP 系列,如 10.42.x.x,它不包含在 throttle:ID IP 范围。仍然应用程序允许其他 IP 访问服务而不是节流调解器中指定的 IP
也请说明一下。
PS:我相信当hit超过MaximumCount时rejectSequence会被执行
参考:
referred this question already
我已经用 EI 6.5.0 测试了相同的服务,它似乎没有任何问题。在 EI 6.6.0 新包中,基于 IP 的节流中存在一个错误,该错误会导致节流调解器无法正常工作。但它已通过最新更新修复。因此,如果您使用的是 EI 6.6.0,请获取最新更新 [1] 以解决问题。
[1]-https://updates.docs.wso2.com/en/latest/updates/update-commands/
我正在尝试在 WSO2 EI 6.6.0 中实施 throttle mediator 以允许某些 IP。即使将 throttle:MaximumCount 添加为 5,当命中数超过我在 throttle:UnitTime
API代码:
<?xml version="1.0" encoding="UTF-8"?>
<api context="/throttleapi" name="ThrottleAPI" xmlns="http://ws.apache.org/ns/synapse">
<resource methods="POST">
<inSequence>
<log description="welcomelog" level="custom">
<property name="ThrottleAPI" value="is called*******"/>
</log>
<log level="custom">
<property expression="$axis2:REMOTE_ADDR" name="****REMOTE_ADDR" xmlns:ns="http://org.apache.synapse/xsd"/>
<property expression="$axis2:REMOTE_HOST" name="****REMOTE_HOST" xmlns:ns="http://org.apache.synapse/xsd"/>
</log>
<throttle id="myThrottle" onAccept="acceptSequence" onReject="rejectSequence">
<policy>
<wsp:Policy wsu:id="WSO2MediatorThrottlingPolicy" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<throttle:MediatorThrottleAssertion xmlns:throttle="http://www.wso2.org/products/wso2commons/throttle">
<throttle:MaximumConcurrentAccess>0</throttle:MaximumConcurrentAccess>
<wsp:Policy>
<throttle:ID throttle:type="IP">192.168.x.x - 192.168.x.x</throttle:ID>
<wsp:Policy>
<throttle:Control>
<wsp:Policy>
<throttle:MaximumCount>5</throttle:MaximumCount>
<throttle:UnitTime>60000</throttle:UnitTime>
<throttle:ProhibitTimePeriod>6000</throttle:ProhibitTimePeriod>
</wsp:Policy>
</throttle:Control>
</wsp:Policy>
</wsp:Policy>
</throttle:MediatorThrottleAssertion>
</wsp:Policy>
</policy>
</throttle>
</inSequence>
<outSequence/>
<faultSequence/>
</resource>
</api>
接受顺序:
<?xml version="1.0" encoding="UTF-8"?>
<sequence name="acceptSequence" trace="disable" xmlns="http://ws.apache.org/ns/synapse">
<log description="acceptSequencelog" level="custom">
<property name="acceptSequence" value="is called*******"/>
</log>
<log level="custom">
<property name="text" value="**Access Granted**"/>
</log>
<payloadFactory media-type="xml">
<format>
<status>OK</status>
</format>
<args/>
</payloadFactory>
<respond/>
</sequence>
拒绝序列:
<?xml version="1.0" encoding="UTF-8"?>
<sequence name="rejectSequence" trace="disable" xmlns="http://ws.apache.org/ns/synapse">
<log description="acceptSequencelog" level="custom">
<property name="rejectSequence" value="is called*******"/>
</log>
<log level="custom">
<property name="text" value="**Access Denied**"/>
</log>
<property name="HTTP_SC"
value="401"
scope="axis2"
type="STRING"
description="HTTP_SC_401"/>
<property name="RESPONSE"
value="true"
scope="default"
type="STRING"
description="RESPONSE"/>
<respond/>
</sequence>
谁能告诉我为什么 throttle:MaximumCount 功能不起作用?为什么它总是允许我 access/hit api?
另一个查询:
我在 docker 容器中部署了相同的 API,注意到 $axis2:REMOTE_ADDR 记录了 returns 一些 IP 系列,如 10.42.x.x,它不包含在 throttle:ID IP 范围。仍然应用程序允许其他 IP 访问服务而不是节流调解器中指定的 IP
也请说明一下。
PS:我相信当hit超过MaximumCount时rejectSequence会被执行
参考:
referred this question already
我已经用 EI 6.5.0 测试了相同的服务,它似乎没有任何问题。在 EI 6.6.0 新包中,基于 IP 的节流中存在一个错误,该错误会导致节流调解器无法正常工作。但它已通过最新更新修复。因此,如果您使用的是 EI 6.6.0,请获取最新更新 [1] 以解决问题。
[1]-https://updates.docs.wso2.com/en/latest/updates/update-commands/