This documentation is for WSO2 ESB version 4.5.0. View documentation for the latest release.

Sample 371: Restricting Requests Based on Policies

Objective: Demonstrate the use of throttle mediator for restricting request counts

<definitions xmlns="http://ws.apache.org/ns/synapse">
    <sequence name="main">
        <in>
            <throttle id="A">
                <policy>
                    <!-- define throttle policy -->
                    <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
                                xmlns:throttle="http://www.wso2.org/products/wso2commons/throttle">
                        <throttle:MediatorThrottleAssertion>
                            <wsp:Policy>
                                <throttle:ID throttle:type="IP">other</throttle:ID>
                                <wsp:Policy>
                                    <throttle:Control>
                                        <wsp:Policy>
                                            <throttle:MaximumCount>4</throttle:MaximumCount>
                                            <throttle:UnitTime>800000</throttle:UnitTime>
                                            <throttle:ProhibitTimePeriod wsp:Optional="true">1000
                                            </throttle:ProhibitTimePeriod>
                                        </wsp:Policy>
                                    </throttle:Control>
                                </wsp:Policy>
                            </wsp:Policy>
                            <wsp:Policy>
                                <throttle:ID throttle:type="IP">10.100.1.160 - 10.100.1.165</throttle:ID>
                                <wsp:Policy>
                                    <throttle:Control>
                                        <wsp:Policy>
                                            <throttle:MaximumCount>5</throttle:MaximumCount>
                                            <throttle:UnitTime>800000</throttle:UnitTime>
                                            <throttle:ProhibitTimePeriod wsp:Optional="true">100000
                                            </throttle:ProhibitTimePeriod>
                                        </wsp:Policy>
                                    </throttle:Control>
                                </wsp:Policy>
                            </wsp:Policy>
                        </throttle:MediatorThrottleAssertion>
                    </wsp:Policy>
                </policy>
                <onAccept>
                    <log level="custom">
                        <property name="text" value="**Access Accept**"/>
                    </log>
                    <send>
                        <endpoint>
                            <address uri="http://localhost:9000/services/SimpleStockQuoteService"/>
                        </endpoint>
                    </send>
                </onAccept>
                <onReject>
                    <log level="custom">
                        <property name="text" value="**Access Denied**"/>
                    </log>
                    <makefault>
                        <code value="tns:Receiver"
                              xmlns:tns="http://www.w3.org/2003/05/soap-envelope"/>
                        <reason value="**Access Denied**"/>
                    </makefault>
                    <property name="RESPONSE" value="true"/>
                    <header name="To" action="remove"/>
                    <send/>
                    <drop/>
                </onReject>
            </throttle>
        </in>
        <out>
            <throttle id="A"/>
            <send/>
        </out>
    </sequence>
</definitions>

Prerequisites:

  • Deploy the SimpleStockQuoteService in sample Axis2 server and start it on port 9000.
  • Start ESB with the sample configuration 371 (i.e. wso2esb-samples -sn 371).

Above configuration specifies a throttle mediator inside the in mediator. Therefore, all request messages directed to the main sequence will be subjected to throttling. Throttle mediator has policy, onAccept and onReject tags at the top level. Policy tag specifies the throttling policy to be applied for messages. It contains some IP address ranges and the maximum number of messages to be allowed for those ranges within a time period given in "UnitTime" tag. "ProhibitTimePeriod" tag specifies the time period to prohibit further requests after the received request count exceeds the specified time. Now run the client 5 times repetitively using the following command to see how throttling works.

ant stockquote -Dsymbol=IBM -Dmode=quote -Daddurl=http://localhost:8280/

For the first four requests you will get the quote prices for IBM as follows.

[java] Standard :: Stock price = $177.20143371883802

You will receive the following response for the fifth request.

[java] org.apache.axis2.AxisFault: **Access Denied**

Maximum number of requests within 800000 milliseconds is specified as 4 for any server (including localhost) other than the explicitly specified ones. Therefore, our fifth request is denied by the throttle mediator. You can verify this by looking at the ESB console.

[HttpServerWorker-1] INFO  LogMediator - text = **Access Accept**
[HttpServerWorker-2] INFO  LogMediator - text = **Access Accept**
[HttpServerWorker-3] INFO  LogMediator - text = **Access Accept**
[HttpServerWorker-4] INFO  LogMediator - text = **Access Accept**
[HttpServerWorker-5] INFO  LogMediator - text = **Access Denied**