```xml
<security>
  <dynamicIpSecurity enableLoggingOnlyMode="false" enableProxyMode="true">
    <denyByConcurrentRequests enabled="true" maxConcurrentRequests="10" />
    <denyByRequestRate enabled="true" maxRequests="30" requestIntervalInMilliseconds="500" />
  </dynamicIpSecurity>
  <ipSecurity enableProxyMode="true" allowUnlisted="false" >
    <add allowed="true" ipAddress="1.2.3.4" subnetMask="255.255.255.255" />
  </ipSecurity>
  <requestFiltering>
    <requestLimits maxAllowedContentLength="524288000" />
  </requestFiltering>
</security>
```

The Web App is built on ASP.NET 6. With this definition, if 10 requests were made at the same time, more than 11 requests were expected to be rejected with a 403. However, I started 100 concurrent threads in Apache JMeter and made 50 repeated requests, but never got a 403. Is there a mistake in the definition?

Sunderam Dubey
  • Go through the [SO thread](https://stackoverflow.com/questions/74878703/jmeter-gets-504-gateway-timeouts-but-no-errors-on-azure-app-insights/74898535#74898535); it might solve your problem. This is applicable for Windows only, not for Linux. – Tarun Krishna Mar 11 '23 at 04:51

1 Answer

As per the documentation:

> To support blocking a client on your Web server by the number of concurrent requests, you must install the IP and Domain Restrictions role service.

So you need to make sure that the above roles are installed and active.

With regard to JMeter, ensure that you're not running it in Distributed Mode and that IP Spoofing is not activated by any means.

Dmitri T
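
A simplified model of the two thresholds in the question's web.config, added here as an example (it is not code from the question, the answer, or IIS). It shows why a load test only trips the limits when every request is attributed to one client address, which is what the JMeter advice in the answer checks. The sliding-window logic, the use of the first `X-Forwarded-For` entry in proxy mode, and all sample addresses and timings are assumptions.

```python
from collections import defaultdict, deque

# Thresholds copied from the web.config in the question.
MAX_CONCURRENT = 10
MAX_REQUESTS = 30
INTERVAL_MS = 500


def client_key(remote_addr, x_forwarded_for, proxy_mode=True):
    """Address the limits are counted against (assumed model of proxy mode)."""
    if proxy_mode and x_forwarded_for:
        return x_forwarded_for.split(",")[0].strip()
    return remote_addr


def count_denied(requests, proxy_mode=True):
    """requests: iterable of (start_ms, end_ms, remote_addr, x_forwarded_for).

    Returns how many requests exceed either threshold in this simplified
    sliding-window model. A denied request does not count toward the limits.
    """
    recent = defaultdict(deque)    # key -> start times inside the rate window
    in_flight = defaultdict(list)  # key -> end times of accepted requests
    denied = 0
    for start, end, addr, xff in sorted(requests, key=lambda r: r[0]):
        key = client_key(addr, xff, proxy_mode)
        window = recent[key]
        while window and window[0] <= start - INTERVAL_MS:
            window.popleft()
        in_flight[key] = [e for e in in_flight[key] if e > start]
        if len(in_flight[key]) >= MAX_CONCURRENT or len(window) >= MAX_REQUESTS:
            denied += 1
            continue
        window.append(start)
        in_flight[key].append(end)
    return denied


def burst(n_threads, source_for_thread):
    """Constructed load: every thread opens one 200 ms request at t=0."""
    return [(0, 200, "10.0.0.1", source_for_thread(i)) for i in range(n_threads)]


# 100 threads whose requests all carry the same client address (constructed).
single_source = burst(100, lambda i: "203.0.113.7")
# 100 threads, each reported with its own address, as in a distributed run.
many_sources = burst(100, lambda i: f"198.51.100.{i + 1}")
```

In this model `count_denied(single_source)` reports denials while `count_denied(many_sources)` reports none, so a test run that never sees a 403 is worth checking for per-thread source addresses before concluding the configuration is wrong.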