This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Spike Arrest policy triggering error even with requests available

Posted on 08-16-2023 12:59 PM
2rpmatheus
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

We are testing the Spike Arrest policies of our proxies lately and the error messages returned seem unpredictable. Sometimes it's triggered when there are still requests available and sometimes it's not triggered even after surpassing the limit configured.

Here's how the policy is written:

Screenshot from 2023-08-16 16-52-50.png

The trace results:

Screenshot from 2023-08-16 16-29-29.png

 

 

 

 

Error returned:

Screenshot from 2023-08-16 16-39-00.png

Is this how it's supposed to be? If yes, is there any configuration to make it more intuitive?

Solved Solved
0 1 93
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
razvanbulzan
Staff
Reply posted on --/--/---- --:-- AM

The behavior you're expecting falls more under the actual behavior of a quota policy instead of a spike arrest.

Spike arrest divides the amount of requests from minutes to seconds in order to prevent attacks.

The following example sets the rate to 12 per minute:

 
<SpikeArrest name="Spike-Arrest-1">
  <Rate>12pm</Rate>
  <UseEffectiveCount>true</UseEffectiveCount>
</SpikeArrest>

This sample policy allows a maximum of 12 requests per minute at the rate of one request per 5 second (60/12) interval. If there is more than one request in the 5 second interval, such requests are allowed (no smoothing) provided the number of requests is less than the configured rate limit of 12 per minute.

If your expected behavior is for your requests to add up until 9 and then return an error code, using a quota is what you're looking for.

Here is a video explaining the main differences between the two.



View solution in original post

Jump to Solution
1 REPLY 1

Posted on --/--/---- --:-- AM
razvanbulzan
Staff
Reply posted on --/--/---- --:-- AM

The behavior you're expecting falls more under the actual behavior of a quota policy instead of a spike arrest.

Spike arrest divides the amount of requests from minutes to seconds in order to prevent attacks.

The following example sets the rate to 12 per minute:

 
<SpikeArrest name="Spike-Arrest-1">
  <Rate>12pm</Rate>
  <UseEffectiveCount>true</UseEffectiveCount>
</SpikeArrest>

This sample policy allows a maximum of 12 requests per minute at the rate of one request per 5 second (60/12) interval. If there is more than one request in the 5 second interval, such requests are allowed (no smoothing) provided the number of requests is less than the configured rate limit of 12 per minute.

If your expected behavior is for your requests to add up until 9 and then return an error code, using a quota is what you're looking for.

Here is a video explaining the main differences between the two.



Jump to Solution