...
To limit the number of anonymous requests to 250 per hour, add a Service Tier row to the Client Throttling configuration with the following settings:
Condition | request.isUserInRole('anonymous') |
---|---|
Limit | 250 |
Period | HOUR |
Validating the Request
Another way to prevent invalid requests from invoking a Pipeline is to add an Authorized Request Validator Policy. This policy can perform arbitrary checks on the incoming request using expressions. If an expression evaluates to true, the request is rejected with a custom HTTP status code and response body. The Pet Store API’s pet endpoint supports only a limited number of path parameters, so we can add this policy to the project with the following check to make sure the paths are valid:
Condition | |
---|---|
Status | 400 |
Response | 'Expecting a numeric pet ID' |
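The same reject-if-true check written out in Python, as an added example (not the product's expression syntax and not code from the original page). It assumes the pet endpoint has the form `/pet/{petId}`; the function names and the 18-digit bound are illustrative assumptions, while the status and response body are the ones configured above.

```python
import re
from urllib.parse import unquote

# Assumed route shape: /pet/{petId}. The page names only "the pet endpoint".
# [0-9] rather than \d: on Python str, \d also matches non-ASCII digits.
# Assumed length bound: 18 digits always fits a signed 64-bit integer.
PET_PATH = re.compile(r"/pet/([0-9]{1,18})")

REJECT_STATUS = 400
REJECT_BODY = "Expecting a numeric pet ID"


def is_invalid_pet_path(raw_path: str) -> bool:
    """Reject condition: True means the request must be refused.

    Mirrors the policy's semantics, where a true expression rejects.
    """
    # Decode once so %2F or %0A cannot hide a separator or a newline.
    path = unquote(raw_path)
    # A percent sign left after one decode indicates double encoding.
    if "%" in path:
        return True
    # fullmatch, not match() with "$": "$" would accept a trailing "\n".
    return PET_PATH.fullmatch(path) is None


def validate(raw_path: str):
    """Return (status, body) for a rejected request, or None to continue."""
    if is_invalid_pet_path(raw_path):
        return REJECT_STATUS, REJECT_BODY
    return None


if __name__ == "__main__":
    # Constructed sample paths, not taken from the page.
    samples = ["/pet/42", "/pet/abc", "/pet/42/../admin",
               "/pet/42%0A", "/pet/\u0664\u0662", "/pet/"]
    for p in samples:
        print(repr(p), "->", validate(p) or "forwarded to the Pipeline")
```

Only `/pet/42` passes in the sample run; the newline, Unicode-digit and traversal variants are the cases a looser pattern such as `^/pet/\d+$` would let through.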
...