Hi Oliver
Basically throttle can be configured to achieve two things.
1.
Throttling concurrent access to the system
In this case, throttle mediator limits the number of virtual concurrent
connection to the given number from throttle mediator to the external.
Example policy.
<wsp:Policy xmlns:wsp="
http://schemas.xmlsoap.org/ws/2004/09/policy";
xmlns:throttle="
http://www.wso2.org/products/wso2commons/throttle";>
<throttle:ThrottleAssertion>
<throttle:MaximumConcurrentAccess>10</throttle:MaximumConcurrentAccess>
</throttle:ThrottleAssertion>
</wsp:Policy>
In this case, maximum number of concurrent access it 10. Therefore, even
there are more than 10 concurrent incoming messages to the throttle mediator
,the out going messages from that throttle mediator always constant and in
this case , it is 10.Therefore , only 10 concurrent connection are virtually
enable. Please refers to the sample 370.(synapse_sample_370.xml).
Note : when you are defined a throttle with concurrency policy, there should
be on out path a another throttle that has same id('id' attribute of
throttle mediator ) in oder to create a throttle group. The throttle
mediator in the out path is used to free a virtual connection so that any
incoming request can use. Please refers to the sample
370.(synapse_sample_370.xml).
2. Rate based access throttling.
1.
There are two sub category. One is client 'IP' based and second other is
client 'domain'(host) name based. The general policy format is as follows.
<wsp:Policy xmlns:wsp="
http://schemas.xmlsoap.org/ws/2004/09/policy";
xmlns:throttle="
http://www.wso2.org/products/wso2commons/throttle";>
<throttle:ThrottleAssertion>
<wsp:All>
<throttle:ID throttle:type="IP">other</throttle:ID>
<wsp:ExactlyOne>
<wsp:All>
<throttle:MaximumCount>4</throttle:MaximumCount>
<throttle:UnitTime>800000</throttle:UnitTime>
<throttle:ProhibitTimePeriod wsp:Optional="true">10000
</throttle:ProhibitTimePeriod>
</wsp:All>
<throttle:IsAllow>true</throttle:IsAllow>
</wsp:ExactlyOne>
</wsp:All>
<wsp:All>
<throttle:ID
throttle:type="IP">192.168.8.200-192.168.8.222</throttle:ID>
<wsp:ExactlyOne>
<wsp:All>
<throttle:MaximumCount>8</throttle:MaximumCount>
<throttle:UnitTime>800000</throttle:UnitTime>
<throttle:ProhibitTimePeriod wsp:Optional="true">10
</throttle:ProhibitTimePeriod>
</wsp:All>
<throttle:IsAllow>true</throttle:IsAllow>
</wsp:ExactlyOne>
</wsp:All>
</throttle:ThrottleAssertion>
</wsp:Policy>
For a valid throttle policy , there should be a one or more children (web
service policy type All assertion - All) to a ThrottleAssertion
All policy assertion (web service policy type All assertion – All) has the
following format
<wsp:All>
<throttle:ID throttle:type="IP|DOMAIN">(IP or Domain
)</throttle:ID>
<wsp:ExactlyOne>
<wsp:All>
<throttle:MaximumCount>number -
int</throttle:MaximumCount>
<throttle:UnitTime>Time window in millisecond
</throttle:UnitTime>
<throttle:ProhibitTimePeriod
wsp:Optional="true">millisecond
</throttle:ProhibitTimePeriod>
</wsp:All>
<throttle:IsAllow>true|false</throttle:IsAllow>
</wsp:ExactlyOne>
</wsp:All>
The web service policy XML Primitive assertion ID ( <throttle:ID
throttle:type="IP|DOMAIN">) contains type attribute which is required and
only allow to contains IP or DOMAIN. This attribute differentiates the
throttle type.
With in this assrtion , there should be a valid web service policy ExactlyOne
assertions. To valid this assertion it should contains either
1) <throttle:IsAllow>true|false</throttle:IsAllow>
Or
2) <wsp:All>
<throttle:MaximumCount>number -
int</throttle:MaximumCount>
<throttle:UnitTime>Time window in millisecond
</throttle:UnitTime>
<throttle:ProhibitTimePeriod
wsp:Optional="true">millisecond
</throttle:ProhibitTimePeriod>
</wsp:All>
In the case of both are present, the order in which they are present make
the priority. (first one get priority).
IsAllow – This assertion indicates that the given IP or Domain are fully
allowed( in the case of value is 'true') or are fully denied. This is used
in order to avoid any computation when just some one has to be denied or
allowed.
Second one (WS All assertion ) is used to control the access. The means of
attributes are as follows.
MaximumCount – Maximum number of access for a given peroid of time (Time
window). (required attribute)
UnitTime _ The time window that 'MaximumCount' is applicable.(Required
attribute)
ProhibitTimePeriod – If the 'MaximumCount' has been gone before , 'UnitTime'
is over. Then implicitly access is prohibited for time period (UnitTime –
the time that notify 'MaximumCount' has been gone.).If some one want to
override this default behavior , the 'ProhibitTimePeriod' has to be given
expilitily. This is a optional attribute.
Note : The value for IP can be single or range.
The value of domain can be single(c.a.com) or multiple (*.a.com)
There is a special value , called 'other'. This indicates all the IPs or
domains excluding explicitly defined values in the policy.
Please refers to the sample 371 (synapse_sample_371.xml)
In your configuration, policy has to changed either
1) If you want to control access
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";
xmlns:throttle="
http://www.wso2.org/products/wso2commons/throttle";>
<throttle:ThrottleAssertion>
*<wsp:All>*
* <throttle:ID throttle:type="IP">193.54.39.29</throttle:ID>
<wsp:ExactlyOne>
<wsp:All>
<throttle:MaximumCount>number -
int</throttle:MaximumCount>
<throttle:UnitTime>Time window in
millisecond</throttle:UnitTime>
<throttle:ProhibitTimePeriod
wsp:Optional="true">millisecond
</throttle:ProhibitTimePeriod>
</wsp:All>
</wsp:ExactlyOne>
</wsp:All>*
</throttle:ThrottleAssertion>
</wsp:Policy>
2) If you want to full allow or deny
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy";
xmlns:throttle="
http://www.wso2.org/products/wso2commons/throttle";>
<throttle:ThrottleAssertion>
* <wsp:All>
<throttle:ID throttle:type="IP">193.54.39.29</throttle:ID>
<wsp:ExactlyOne>
<throttle:IsAllow>true|false</throttle:IsAllow>
</wsp:ExactlyOne>
</wsp:All>*
</throttle:ThrottleAssertion>
</wsp:Policy>
Please refers to sample (370,371)
Thanks
Indika
