This documentation is for WSO2 Business Rules Server 2.0.0.View documentation for the latest release.

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.

The wso2throttle module is for controlling client access to web service engine. Using the management console of a Carbon server, you can enable access throttling at global level, operational level or service level.  


  For instructions on enabling access throttling at a service level or operational level, refer to sections "Service Management -> Access Throttling" and "Service Management -> sections  Access Throttling and   Operation Management."

Follow the instructions below to configure the wso2throttle module on a global level.


  • Range - The IP address range or the domain is restricted from accessing the service. Requests from such clients will be restricted based on the specified values.
  • Type - This indicates the type of Range. It can be IP or DOMAIN. It should be IP if the range is given as a single IP address or a range of IP addresses (for example, It should be DOMAIN if the range is given as as a domain (for example, * If you specify configurations types of both IP and DOMAIN, first priority will be given to DOMAIN level configurations.
  • Maximum Request Count (MRC) - If  Access is set to Control, it will be the maximum number of requests that are served within the time interval specified by the Unit Time parameter.
  • Unit Time (UT) - The time period in milliseconds during which the maximum requests served. This is the number specified by the Maximum Request Count. The throttle starts counting the number of units from the moment it is enabled and the number of requests served within that period.
  • Prohibit Time Period (PTP) - If the maximum request count is achieved before the unit time, this is the period during which no more requests are allowed to go in. By setting this value, the unit time slot is altered.
  • Access**  
    • Allow - Means that no restriction is applied for that range and all requests are allowed to go in as they come in.
    • Deny - Means that access is completely denied for that range.
    • Control - Allows to modify the parameter.

When the Access is set to Allow or Deny , MRC, UT and PTP parameters are not necessary and the said fields are deactivated. If it is Control , then the specified constraints are applied for that particular range.