Forum Discussion
Block attacks by Throttling connections
I agree with Mohammad fully, and think that Cory's rule is a better choice if you want to block the Chinese users.
But if you still want to throttle users you can try this one (against my recommendation :).
```tcl
when CLIENT_ACCEPTED {
    # How long the limit should last (seconds)
    set lifetime 60
    # The maximum number of connections allowed
    set connectionlimit 3
    # Add a table entry (only if none exists yet) with a lifetime in seconds of the value of $lifetime.
    # Start at 0 so the incr below counts this connection exactly once.
    table add [IP::client_addr] 0 indefinite $lifetime
    if { [table incr [IP::client_addr]] > $connectionlimit } {
        # If the user has surpassed the connection limit we drop the connection
        # You can change this to reject if you want
        drop
    }
}
```
It would not distinguish between failed attempts and successful ones, which means that with the example iRule above you would be able to open 3 successful connections in 60 minutes; anything above that would be dropped until the table timeout has been reached. You can exempt i.e. office IPs, but if it's supposed to be accessible by anyone it's hard to keep track of it if the list is big.
The rule would still allow a number of guesses at passwords per connection, depending on your OS.
/Patrik
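The exemption mentioned in the post can be done with a data group lookup before the counter. The iRule below is an added example, not part of the original post. It assumes an address-type data group named `throttle_exempt` and a subtable named `throttle`, both hypothetical names you would create or choose yourself.

```tcl
when RULE_INIT {
    # Window length in seconds and connections allowed per window (values from the post)
    set static::lifetime 60
    set static::connectionlimit 3
}

when CLIENT_ACCEPTED {
    set client [IP::client_addr]

    # Assumption: throttle_exempt is an address data group holding e.g. office networks.
    # Exempt clients skip the counter entirely.
    if { [class match $client equals throttle_exempt] } {
        return
    }

    # Keep the counters in their own subtable so the keys cannot collide
    # with table entries written by other iRules.
    # "table add" only creates the entry when it is missing, so the window
    # starts at the client's first connection; starting at 0 lets exactly
    # $static::connectionlimit connections through.
    table add -subtable throttle $client 0 indefinite $static::lifetime
    set count [table incr -subtable throttle $client]

    if { $count > $static::connectionlimit } {
        # Log only the first over-limit connection in each window so a
        # flood of connections does not also become a flood of log lines.
        if { $count == $static::connectionlimit + 1 } {
            log local0.notice "throttle: $client exceeded $static::connectionlimit connections in $static::lifetime s"
        }
        # drop discards silently; reject would send a reset instead
        drop
    }
}
```

The log line gives operations a record of which sources hit the limit, which helps when deciding whether an address belongs in the exempt data group.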