Merge pull request #56 from f5devcentral/matt

Rate Limiting

docs/class4/module3/lab2/lab2.rst

@@ -1,11 +1,47 @@
 Rate Limiting protection
 ========================
 
+There are many ways to do Rate Limiting in F5XC. In this lab, we will focus on API Protection Rate Limiting. 
 
+The goal is to rate limit an endpoint at risk because we discovered an attack or it is a shadow API we are not sure if we should allow or block it.
 
-Subtitle 1
-----------
+Enable Rate Limiting from the Security Dashboard
+------------------------------------------------
 
-Sub Sub title 2
-^^^^^^^^^^^^^^^
+* Go to the Security Dashboard and into your application API Endpoints screen.
+
+  .. image:: ../pictures/security-endpoints.png
+    :align: center
+    :scale: 50%
+
+* Select ``/api/colors`` and click on the 3dots (...)
+* Edit Rate Limiting
+* The Rate Limiting config is preset automatically, keep ``1sec`` Threshold
+
+  .. image:: ../pictures/rl-colors.png
+    :align: center
+    :scale: 50%
+
+* Apply, Apply ... till Save
+
+Test your Rate Limiting config
+------------------------------
+
+It is time to run a traffic generator script to simulate traffic load
+
+* SSH or WEBSSH to the Jumphost
+* Run this script into /home/ubuntu/api-protection-lab folder
+
+.. code-block:: none
+
+   cd /home/ubuntu/api-protection-lab
+   bash rate-limit.sh sentence-re-$$makeId$$.workshop.emea.f5se.com
+
+* You can see a respone code 429 - Too Many Requests
+
+.. code-block:: HTML
+
+  <html><head><title>Error Page</title></head>
+  <body>The requested URL was rejected. Please consult with your administrator.<br/><br/>
+  Your support ID is a8c0fa99-7f85-4c81-b245-2d7d94457f8a<h2>Error 429 - Too Many Requests</h2>F5 site: tn2-lon<br/><br/><a href='javascript:history.back();'>[Go Back]</a></body></html>