This documentation is for WSO2 Enterprise Service Bus version 4.8.1 . View documentation for the latest release.

All docs This doc

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3

The "wso2throttle" module is for controlling client access to web service engine. Access throttling can be configured at a global level, service level or operation level. To configure the "wso2throttle" module on a service level, see Throttling.

Follow the instructions below to configure the "wso2throttle" module on a global level.

1. In the "Deployed Modules" page, click on the "Configure" link associated with the "wso2throttle" module (To access the "Deployed Modules" page, see Configuring Modules).

2. The "Global Throttling Configuration " page appears.

3. In the "Enable Throttling" list, select "Yes" from the drop-down menu.

4. The existing throttle configuration appears in the wizard.

WSO2 Carbon global throttling configuration

5. Click "Add New Entry."

WSO2 Carbon global throttling configuration


To enter new parameters or modify existing parameters, select "Control" in the "Access" column.

6. Specify the parameters of a service.

Parameters for Throttling Configuration:

  • Range - The IP address range or the domain is restricted from accessing the service. Requests from such clients will be restricted based on the specified values.
  • Type - This indicates the type of Range. It can be IP or DOMAIN. It should be IP if the range is given as a single IP address or a range of IP addresses (for example, It should be DOMAIN if the range is given as as a domain (for example, * If you specify configurations types of both IP and DOMAIN, first priority will be given to DOMAIN level configurations.
  • Maximum Request Count (MRC) - If  Access is set to Control, it will be the maximum number of requests that are served within the time interval specified by the Unit Time parameter.
  • Unit Time (UT) - The time period in milliseconds during which the maximum requests served. This is the number specified by the Maximum Request Count. The throttle starts counting the number of units from the moment it is enabled and the number of requests served within that period.
  • Prohibit Time Period (PTP) - If the maximum request count is achieved before the unit time, this is the period during which no more requests are allowed to go in. By setting this value, the unit time slot is altered.
  • Access
    • Allow - Means that no restriction is applied for that range and all requests are allowed to go in as they come in.
    • Deny - Means that access is completely denied for that range.
    • Control - Allows to modify the parameter.

      When the Access is set to "Allow" or "Deny," MRC, UT and PTP parameters are not necessary and the said fields are deactivated. If it is "Control," then the specified constraints are applied for that particular range.

  • Actions - Allows to delete a parameter.


MRC = 50

UT = 50000

PTP = 5000

If 50 requests are arrived within 35000ms (35s) in a particular time period, no more requests are taken in for another 5000ms (5s = PTP). This time the UT is altered to 35000ms + 5000ms = 40000ms (40s)


Instructions on how to configure the "wso2throttle" module in WSO2 ESB.