There are various inbound policies that can be set when setting up the API Management Service on Microsoft Azure. These policies help reject requests before they reach your endpoints, that is, before they hit the endpoint's internal security logic. Separately, your endpoints may get overloaded with web traffic for many reasons. In such scenarios, you can limit the traffic with the built-in policies in API Management Service.
In order to explain them in this article, I am picking the default Echo API. When you go to All Operations, you will see something similar to the image below.
Then click the 'Add Policy' link to add a new policy.
All the available default options will be shown there. Let's walk through some of them.
1. Filter IP Addresses
You can simply enter the allowed IPs as well as the blocked IPs. A range of IPs can also be given. If you have a virtual machine with a static IP, it can be set here easily.
2. Limit Call Rate
The Limit Call Rate option limits the number of calls that can be made within a particular duration by a particular API subscription, by an IP address, or in another custom scenario.
In this example, I have limited the number of calls a particular IP address can make within 60 seconds to 1000. For the increment condition, I can pick either any request or only requests that returned particular status codes (e.g. successful requests, bad requests).
3. Set Query Parameters and Set Headers
Set Headers and Set Query Parameters logically do the same thing: they modify the headers or parameters of a request before it hits the backend.
As can be seen in the above image, you can override, skip, append or delete the header or parameter.
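The three policies above, written out as the policy XML that sits behind the form editor. This is an added example, not from the original article: the IP addresses, header name and query parameter name are constructed placeholders, while the limit of 1000 calls per 60 seconds per IP address matches the setting described above.

```xml
<policies>
    <inbound>
        <base />

        <!-- 1. Filter IP Addresses. One ip-filter element carries one action:
             "allow" admits only the listed addresses, "forbid" blocks them.
             Addresses below are constructed (documentation ranges). -->
        <ip-filter action="allow">
            <address>203.0.113.10</address>
            <address-range from="198.51.100.1" to="198.51.100.254" />
        </ip-filter>

        <!-- 2. Limit Call Rate: 1000 calls per 60 seconds, counted per caller IP.
             increment-condition counts only responses matching the expression;
             here only successful (200) responses. Remove the attribute to
             count every request.
             If a proxy or CDN sits in front of the gateway, the caller IP seen
             here is the proxy's, so all clients behind it share one counter. -->
        <rate-limit-by-key calls="1000"
                           renewal-period="60"
                           counter-key="@(context.Request.IpAddress)"
                           increment-condition="@(context.Response.StatusCode == 200)" />

        <!-- 3a. Set Headers. exists-action is one of override, skip, append, delete.
             "override" replaces any value the client sent, so the backend
             only ever sees the gateway's value. Header name is hypothetical. -->
        <set-header name="X-Request-Source" exists-action="override">
            <value>apim-gateway</value>
        </set-header>

        <!-- 3b. Set Query Parameters. "skip" keeps the caller's value if one
             is present and adds this default only when it is missing.
             Parameter name is hypothetical. -->
        <set-query-parameter name="format" exists-action="skip">
            <value>json</value>
        </set-query-parameter>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>
```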
These are some of the basics. We will cover more in the next articles.