Tool-based rate limiting for MCP Gateway
MCP clients can trigger repeated tool calls (tools/call), which can overload backend MCP servers and degrade the overall experience. Traditional HTTP-level throttling is often too coarse because it cannot differentiate between MCP methods or tools. Customers need MCP-aware rate limiting that can apply limits by tool name and user identity.
NetScaler® provides MCP-aware, tool-based rate limiting to enforce limits on MCP tool/execution requests by parsing MCP JSON-RPC payloads and applying thresholds per user or globally per tool. NetScaler enforces these rate limits by extracting the tool name from the JSON-RPC request body and optionally combining it with the authenticated user identity. This enables granular control of MCP tool/execution rates while returning a protocol-compliant error message that MCP clients can parse.
Some of the benefits are:
- Protect backend MCP servers from overload due to a large number of tool calls.
- Apply different limits for different tools (tool-level control).
- Support per-user limits for fairness and abuse prevention.
- Support global limits for total load per tool across all users.
- Return MCP-compatible JSON-RPC error responses (client-friendly).
Use cases
This feature can be used in the following scenarios:
- Define a per-user tool call limit: Restrict how frequently each user can call a specific tool, for example search or create operations.
- Define a global tool call limit: Limit the total number of tool calls across all users for a high-cost tool.
- Define DoS protection: Block spikes of tools/call traffic while returning a parseable JSON-RPC error to clients.
Points to note
- Payload verification: Ensure that traffic checking relies on the application/json Content-Type header to isolate MCP JSON-RPC payloads.
- JSON path filtering: Use JSON path expressions to target and isolate tools/call methods before tracking limits, preventing unrelated methods from triggering rate limits.
- Error response integrity: Always return JSON-RPC-compatible error payloads to prevent parsing issues on client applications.
- Evaluation order: Always evaluate and bind per-user policy limits before global policy limits to enforce client fairness first.
Prerequisites
Ensure that the following requirements are met:
- MCP Gateway is configured and receives MCP traffic.
- User identity is available when using per-user rate limiting (AAA.USER.NAME).
- Streaming selectors are enabled and available for extracting JSON fields from request bodies.
- You have administrative access permissions to create stream selectors, limit identifiers, responder actions and policies, and bind these policies to the target load balancing virtual servers.
Limitations
- Rate limiting is applied only to requests that match your configured policy condition (such as tools/call). Other MCP methods bypass throttling unless additional matching rules are explicitly written and bound.
- Per-user rate limiting requires a reliable user identity (AAA.USER.NAME). If a user identity is not available, use global rate limiting or an alternative identity source.
Configure rate limiting by using the CLI
- Create a responder action to rate-limit responses (JSON-RPC).

Create a responder action that returns an MCP-compatible JSON-RPC error response. This preserves the JSON-RPC version and ID from the incoming request.

```
add responder action mcp_ratelimit_resact respondwith q<"HTTP/1.1 200 OK\r\nContent-Type: application/json\r\n\r\n{\"jsonrpc\":\"" + http.req.body(100000).xpath_json(xp%/jsonrpc%) + "\",\"id\":" + http.req.body(100000).xpath_json(xp%/id%) + ",\"result\": {\"isError\": true, \"content\":[{\"type\":\"text\",\"text\":\"Error: You have hit the rate limit. Please try again later.\"}]}}">
```

- Configure per-user tool rate limiting.

Configure per-user rate limiting that applies a limit per tool name per user. The selector extracts the tool name from params/name and combines it with AAA.USER.NAME.

```
add stream selector mcp_tool_per_user_sel "HTTP.REQ.BODY(100000).XPATH_JSON(xp%/params/name%)" AAA.USER.NAME
add ns limitIdentifier mcp_tool_per_user_limid -timeSlice 120000 -selectorName mcp_tool_per_user_sel
add responder policy mcp_tool_per_user_respol "http.req.header(\"Content-Type\").EQ(\"application/json\") && http.req.body(100000).xpath_json(xp%boolean(//method)%) && http.req.body(100000).xpath_json(xp%/method%).eq(\"tools/call\") && sys.check_limit(\"mcp_tool_per_user_limid\")" mcp_ratelimit_resact
```

- Configure global tool rate limiting.

Configure global rate limiting that applies a limit per tool name across all users. The selector extracts only the tool name from params/name.

```
add stream selector mcp_tool_global_sel "HTTP.REQ.BODY(100000).XPATH_JSON(xp%/params/name%)"
add ns limitIdentifier mcp_tool_global_limid -timeSlice 120000 -selectorName mcp_tool_global_sel
add responder policy mcp_tool_global_respol "http.req.header(\"Content-Type\").EQ(\"application/json\") && http.req.body(100000).xpath_json(xp%boolean(//method)%) && http.req.body(100000).xpath_json(xp%/method%).eq(\"tools/call\") && sys.check_limit(\"mcp_tool_global_limid\")" mcp_ratelimit_resact
```

- Bind policies to the load balancing virtual server.

Bind the per-user policy first, then the global policy. The per-user policy uses NEXT so the global policy can still apply when needed. The global policy uses END to stop further processing once the global limit is reached.

```
bind lb vserver lb_app1_mcp -policyName mcp_tool_per_user_respol -priority 10 -gotoPriorityExpression NEXT -type REQUEST
bind lb vserver lb_app1_mcp -policyName mcp_tool_global_respol -priority 20 -gotoPriorityExpression END -type REQUEST
```
Note:
Tool-based rate-limiting behavior becomes active by default for matching requests as soon as you apply these policy bindings to your load balancing virtual servers. No separate global command or feature toggle is required.
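The two-tier check that these policies configure, modelled in Python as an added example (not NetScaler code and not part of the original documentation). The thresholds, the fixed-window counting, and the names McpToolLimiter and sample_request are assumptions made for illustration; the 120000 ms window, the match conditions, and the shape of the error reply follow the commands above.

```python
import json

WINDOW_MS = 120_000  # same window as -timeSlice 120000 in the commands above

class Window:
    """Fixed-window hit counter per key (simplified model of a limit identifier)."""
    def __init__(self, threshold):
        self.threshold, self.hits = threshold, {}

    def over(self, key, now_ms):
        slot = (key, now_ms // WINDOW_MS)
        self.hits[slot] = self.hits.get(slot, 0) + 1
        return self.hits[slot] > self.threshold

class McpToolLimiter:
    def __init__(self, per_user_max, global_max):  # thresholds are assumed values
        self.per_user = Window(per_user_max)   # key: (tool name, user)
        self.per_tool = Window(global_max)     # key: tool name only

    def handle(self, content_type, body, user, now_ms):
        """Return the error reply (dict) when throttled, or None to forward."""
        # Exact match, as in the policy's EQ("application/json"): a value with
        # parameters such as "; charset=utf-8" does not match and is not limited.
        if content_type != "application/json":
            return None
        try:
            req = json.loads(body)
        except ValueError:
            return None
        if not isinstance(req, dict) or req.get("method") != "tools/call":
            return None  # other MCP methods are never counted
        params = req.get("params")
        tool = params.get("name") if isinstance(params, dict) else None
        # Per-user check runs first; in this model a request it rejects is
        # answered immediately and never reaches the global counter.
        if self.per_user.over((tool, user), now_ms) or self.per_tool.over(tool, now_ms):
            return {"jsonrpc": req.get("jsonrpc"), "id": req.get("id"),
                    "result": {"isError": True, "content": [{"type": "text",
                        "text": "Error: You have hit the rate limit. "
                                "Please try again later."}]}}
        return None

def sample_request(req_id, tool, method="tools/call"):
    """Constructed sample JSON-RPC request body."""
    return json.dumps({"jsonrpc": "2.0", "id": req_id, "method": method,
                       "params": {"name": tool, "arguments": {}}})
```

Replaying captured request bodies through a model like this before binding the policies shows which tool and user keys would hit a given threshold, and which requests the match conditions would never count.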
Troubleshooting
Rate limiting not triggering
Verify that Content-Type is application/json and that the JSON-RPC method equals tools/call.
Per-user limit not working
Verify AAA.USER.NAME is populated for the request and AAA authentication is in place.
Unexpected responses
Confirm the responder action returns a JSON-RPC payload and preserves jsonrpc and id fields.
Order issues
Confirm that per-user policy priority is lower (evaluated first) than global policy and goto expressions are set as intended.