Forum Discussion
Any way to keep same valuable over different connections?
Hi,
I want to detect and discard the client which sends too many HTTP requests within specific time period (for ex, 10,000 requests within one minute) by using iRule. However I can not find the way to count the number of request from same client over different tcp connection. If iRule can keep one valuable over different connection, I believe it can makes me very happy. Is there any idea?
Shin
- I just realized this post has never been answered.
Yes, there are two general ways you can keep a value over different connections.
The first is through the use of a global Tcl variable. This is done by referencing the empty namespace with the variable (ie, ::varname). However, you do still need to first create the variable which the RULE_INIT event is usually useful for. So, for example, if you wanted to count the total number of connections currently connected to a server you could do something like:rule open_conn { when RULE_INIT { set ::total_conns 0 } when SERVER_CONNECTED { incr ::total_conns if { $::total_conns > 100 } { log "Server conns exceeded 100" } } when SERVER_CLOSED { incr ::total_conns -1 } }
The disadvantage to using a Tcl global variable or array is that it will last forever (or until tmm is restarted). This can be dangerous if you are using an array that could potentially continuously grow and eventually consume a lot of memory. To address this we created the session table. This is similar to a Tcl array except that it will time out after a period of inactivity.
The following post contains the syntax of the session command:
http://devcentral.f5.com/default.aspx?tabid=28&view=topic&forumid=5&postid=1990 Click here
These commands can then be used to access/update keyed values that live for a period of time across connection boundaries. The mode values are the same as for persistence and refer to the type of key provided. The source_addr mode is convenient for IP addresses, and the hash and uie modes are useful for strings.
