Idea ID: 2874251

Improve AA's HTTPS aka REST API "Rate Limiting Options" parameter to consider X-Forwarded-For Request Header

Elfstone Elfstone
Status : New Idea

https://www.netiq.com/documentation/advanced-authentication-63/server-administrator-guide/data/rate_limiting_options.html

As described in the latest AA 6.4 documentation, the current rate limiting feature is virtually useless to organizations of any real size who, being naturally concerned with high availability, place their AA Webservers behind a load-balancer and/or reverse proxy (aka NAM Access Gateways).

Apparently, AA applies this protection mechanism by only examining the TCP layer. It needs to be further extended to examine this HTTPS layer 7 Request Header so that the limits can be applied to the true client IP, and not mistakenly seeing all connections as from all too common load-balancer or reverse proxy addresses in front of AA.

Resources

Support
Documentation
Training
CyberRes Academy
Partner Portal
Contact us
Compliance
Help
Company
Privacy Policy
Terms of Use
Accessibility
Anti-Slavery Statement
Support
How To Buy
Careers
Investor Relations
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.