I have set up a cloud armor rule to deny request coming from same ip after n attempts. My config is given below
I ran jmeter to hit the api continuously with 1 req per second. start time - 12:37:00 end time - 12:55:00
success api hit timestamp is avialble in the below pic - success_1 success_2
since i am hitting 1 req per sec , all the other request which are not in the above pic sent to the api pic are failures.For ex:
NOTE : I did the same testing again from 13:15:34 till 13:35:00. But this time after the first 10 request , i faced ban from 13:15:44 to 13:30:33 and 7-10 request got sucess (attached an image below for this) and then the failure (deny) started again.
Questions :
- How much time does the ban occur for ? For the first run , first ban was for 5 minutes, whereas during the second run , the first ban was for 15 minutes.
- Inconsistency in response. Randomly during the ban duration instead of getting deny , my api sent a successfull response. This happens only for 1 request and the request after that are getting denied as expected.
- Inconsistency in Ban duration. First ban time for an IP is only 5 mins (ban duration config). After that ban duration , 40+ request got successfull , then after 12:43:00 , I am getting api failure till 12:55:00 (for more than 12 minutes). I have stopped the kmeter script at 12:55:00.