Advanced Rate Limiting Question


I’d like to set up a few Rate Limiting rules (using Advanced Rate Limiting). However, I’m not sure if the use case I have will work using Advanced Rate Limiting, so I’d like to ask if someone can help me validate my understanding of how it works after reading some documentation.

I’d like to count the number of requests based on two different characteristics of the response headers (e.g. Header1 and Header2).

Then I’d like to match requests to /endpointX, and if there’s a counter with the same values as the ones provided in the request headers Header1 and Header2 with a value > LIMIT, then block the request.

The reason why I want to increment the counter based on the response headers and not on the request headers is because I don’t want to allow a malicious user manipulating the headers to increment the wrong counters (e.g. blocking others).

Can someone please help me validate if that’s possible?