Posted November 7, 2024Nov 7 Hello, I've been finding the documentation on the Bot Management to be very limiting from Citrix. I'm looking to implement rate-limiting for a specific application with a global based BOT policy. For the rate-limit type I can do type: Session which the allows me to specify a specific cookie name to rate-limit off. If an application generates a cookie for each session lets call it "AppSession" and each cookie for each client has a unique value . Does the Netscaler itself track each session by the unique value of each individual client for the cookie specified in the policy? Lets say for example i want to limit to no more than 2 requests over a 1 second interval. In what scenarios would i specify a rate limit condition? If i wanted to narrow down to a specific url or other indicator? Client With regards to the captcha config on the bot management profile. Is that just a spot where you configure the captcha service you want to use for mitigation for say IP reputation? or does the netscaler itself perform the captcha? Thanks,
November 18, 2024Nov 18 Hi @Josh Slaney If you want to use more than one analytical condition (e.g., URL + SRCIP + SESSION cookie), I don’t think the BOT management feature is the right solution. You will need to use the Rate Limit functionality. This means configuring a stream selector, then a rate limit identifier, and finally a traffic rate policy https://docs.netscaler.com/en-us/citrix-adc/current-release/appexpert/rate-limiting
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.