IIS different IP restriction for specific resource

Question

I'm building a website that has a "Deny by Request Rate" and a "Deny by Concurrent Requests" restriction. Right now the values for that (in the web.config file) are set pretty high:

<security>
    <dynamicIpSecurity denyAction="Forbidden">
        <denyByRequestRate enabled="true" maxRequests="120" requestIntervalInMilliseconds="3000"/>
        <denyByConcurrentRequests enabled="true" maxConcurrentRequests="30"/>
    </dynamicIpSecurity>
</security>

The reason for this are a couple of TinyMCE editors that all run on the same page. Every time an editor is instantiated it gets all the CSS and JS files from the server. Therefore every time this page is called the client requests like 80 files. Right now my approach is to just set this number as high as it needs to be for these TinyMCE resources (which is not very good for the remaining part of the page).

I would like to allow more requests for TinyMCE specific resources while restricting all the others more tightly. Is there a way to "whitelist" a certain path for these "Deny by" restrictions, or is there a better way to do this?

Answer 1

In the web.config of your site, add something like this directly under configuration

<location path="pathto/TinyMCE">
    <system.webServer>
        <security>
           <dynamicIpSecurity denyAction="Forbidden">
              <denyByRequestRate enabled="true" maxRequests="240" requestIntervalInMilliseconds="3000"/>
              <denyByConcurrentRequests enabled="true" maxConcurrentRequests="50"/>
           </dynamicIpSecurity>
        </security>
    </system.webServer>
</location>

Any settings inside the location node are only applied to requests that match the path specified.