wso2 / api-manager

All issues, tasks, improvements and new features of WSO2 API Manager
Apache License 2.0
34 stars 8 forks source link

Advanced throttling policy along with IP condition shows unexpected behaviours when adding multiple IP conditions. #2103

Open riyazathali opened 1 year ago

riyazathali commented 1 year ago

Description

Hi Team,

Advanced throttling policy along with IP condition shows unexpected behaviours when adding more IP conditions.

Thanks, Riyazath Ali.

Steps to Reproduce

  - When creating a new API by engaging a newly created whitelisting policy which has the default limit as 0 requests/year and 2 IP conditions the flow is working fine without any issues. ``` Default policy 0 req per year First IP condition: 192.13.8.1 9 req per min Second IP condition: 127.0.0.1 3 req per min ``` - We performed the API invocation via Devportal UI. (So the IP address is 127.0.0.1). So, the request will be throttled out after 3 requests as per the second IP condition as expected.

- We changed the policy again by replacing 127.0.0.1 with 127.0.0.2. So when performing API invocation via dev-portal(127.0.0.1), the default policy(0 req per 1 year) will be applied and throttled out permanently as expected. ``` Default policy 0 req per year First IP condition: 192.13.8.1 9 req per min Second IP condition: 127.0.0.2 3 req per min ```

Again changed the policy by replacing 127.0.0.2 with 127.0.0.1. So, the expectation is when performing API invocation via dev-portal(127.0.0.1) as per the IP condition, the requests should be throttled out after 3 requests. But, it is throttling out continuously. ``` Default policy 0 req per year First IP condition: 192.13.8.1 9 req per min Second IP condition: 127.0.0.1 3 req per min ```

But, when we perform the API invocation with 127.0.0.2(via cURL), the requests are continuously whitelisted. But, the expectation is all the requests should be throttled out since the default policy is expected to be applied. ``` curl -X 'POST' \ 'https://localhost:8243/sampleapi/v1' \ -H 'accept: */*' \ -H 'Authorization: Bearer eyJ4NXQiOiJNell4TW1Ga09HWXdNV0kwWldObU5EY3hOR1l3WW1NNFpUQTNNV0kyTkRBelpHUXpOR00wWkdSbE5qSmtPREZrWkRSaU9URmtNV0ZoTXpVMlpHVmxOZyIsImtpZCI6Ik16WXhNbUZrT0dZd01XSTBaV05tTkRjeE5HWXdZbU00WlRBM01XSTJOREF6WkdRek5HTTBaR1JsTmpKa09ERmtaRFJpT1RGa01XRmhNelUyWkdWbE5nX1JTMjU2IiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiJhZG1pbiIsImF1dCI6IkFQUExJQ0FUSU9OIiwiYXVkIjoiMU9xU2RfM3R4UHc2dzd3VDRaNGplQ3M3NXJVYSIsIm5iZiI6MTY5MTc2NjE3MCwiYXpwIjoiMU9xU2RfM3R4UHc2dzd3VDRaNGplQ3M3NXJVYSIsInNjb3BlIjoiZGVmYXVsdCIsImlzcyI6Imh0dHBzOlwvXC9sb2NhbGhvc3Q6OTQ0M1wvb2F1dGgyXC90b2tlbiIsImV4cCI6MTY5MTc2OTc3MCwiaWF0IjoxNjkxNzY2MTcwLCJqdGkiOiIzM2FkZWY5Yi0wYmEyLTQyNWMtYjViYy0yMjU1ODk4MzdmODIifQ.SYFg3_cl4wj1JuCON4kCoBDPF2Tsv1dh1-ZuWwjexr7RHhT7cWbx-ldJBuIlv-uEfKxmXaaYKozII4g74WFZH6tNk44-xqiHa-inJKAVBKmdpG5FnYlPIFq7ubzWQEYT5CDuYkyij5pbXRyRR3plWMyxyd-eoUQUwSCmQuQNvp0AGkpBSjj31CW5ibBCTx6akzncQWVzrgYGxaztktiEiz3Z86mzD_3Nyz0erViu4oDu2ZqtHVHKB5Q7fVFBvtpL0fEw_zxo3L4ucVcuPcdq5XTolOfH26mPNP1ovuHYHZvAGCScDDR7Pt2WZbA6XBQHunfJwK9HZBqMv_UKOX0q7A' \ -d '' -k -H "X-Forwarded-For: 127.0.0.2" ``` ### Affected Component APIM ### Version 3.2.0 ### Environment Details (with versions) _No response_ ### Relevant Log Output _No response_ ### Related Issues _No response_ ### Suggested Labels _No response_

YasasRangika commented 9 months ago

Based on the comment added in the internal ticket, we must retest the entire IP whitelisting feature.