Throttling allows you to limit the number of hits on Web application resources during a given period of time. Resource-level throttling is introduced;
- to protect your Web applications from common types of security attacks such as denial of service (DOS).
- to regulate traffic according to infrastructure availability.
- to make Web application resources available to a consumer at different levels of services, usually for monetization purposes.
WSO2 App Manager has three default throttling tiers as gold, silver, and bronze. Each tier defines a maximum number of Web application resource requests per minute as follows.
|Throttling tier||Maximum number of Web application resource requests allowed|
|Bronze||Allows 1 request for the Web app per minute|
|Silver||Allows 5 requests for the Web app per minute|
|Gold||Allows 20 requests for the Web app per minute|
In addition, there is also a special tier called unlimited, which allows unlimited access. Set the value of the
<EnableUnlimitedTier> property of the
<TierManagement> element to false in the
<APPM_HOME>/repository/conf/app-manager.xml file, to disable unlimited access.
Resource-level throttling for Web applications
By default every HTTP verb of a Web application resource is assigned to the unlimited tier. However, when creating a Web application in the App Publisher, you can define resource-level throttling in a resource policy in the Policies section as follows.
You can define a throttling tier to each Web application resource at HTTP verb level. In addition, you can add a new URL pattern and configure throttling tiers for each of the HTTP verbs of it. To define a throttling tier to a Web application resource, you need to define it in the resource policy as shown above, and select that resource policy for the corresponding Web app resource in the Step 3 - Web Application Resources section, when creating the Web app as shown below.
When a Web application invocation request is sent, it checks whether that request is allowed by the defined resource level throttling limit. If it is allowed, you can invoke the Web application up to the resource-level throttling limit. If the limit exceeds, the request is terminated.