I am trying to use IIS Dynamic IP Restrictions to throttle requests from the same IP address. The module works for me, and the requests change the throttling if I change the dynamic constraint settings from the IIS interface. This is nice, but I need to have different bids for different URLs. Input must be, for example, more strict than static resources. I am trying to use locationsin web.config to achieve this.
<configuration>
<location path="foo">
<system.webServer>
<security>
<dynamicIpSecurity enableLoggingOnlyMode="true">
<denyByRequestRate enabled="true" maxRequests="1"
requestIntervalInMilliseconds="5000" />
</dynamicIpSecurity>
</security>
</system.webServer>
</location>
</configuration>
Unfortunately, this does not apply. I am absolutely sure that this has nothing to do with my application, because it does not work on a static website with a single HTML file. I am also sure that the location path is correct, because requests are blocked if I add ...<deny users="*" />.
source
share