ocnsinc_68625
May 10, 2012 (Nimbostratus)
Connection Limit iRule not rejecting concurrent sessions as expected
Hi --
The below iRule was enabled on a specific V/S to reject more than one session for a given unique source IPADDR. After enabling the iRule, rejection notifications are logged in the "ltm" syslog. However, when checking the member servers in the V/S pool, some concurrent sessions are still getting through the iRule. Does anyone see an issue with the below iRule or know of any other issue that may cause the iRule to partially work?
Thanks --
====================================================
when RULE_INIT {
    array set ::Connections { }
}
when CLIENT_ACCEPTED {
    set ipaddr [IP::remote_addr]
    set tcpPrt [TCP::client_port]
    log local0. "Client Accepted from $ipaddr"
    if { [info exists ::Connections($ipaddr)] } {
        set tcpport $::Connections($ipaddr)
        log local0. "Reject Client Session from $ipaddr:$tcpPrt - "
        log local0. " --> Session Entry $ipaddr:$tcpport, in progress ..."
        reject
        return
    } else {
        set ::Connections($ipaddr) $tcpPrt
        set tcpport $::Connections($ipaddr)
        log local0. "Created Session Entry for $ipaddr:$tcpport ..."
    }
}
when CLIENT_CLOSED {
    if { [info exists ::Connections($ipaddr)] } {
        set tcpport $::Connections($ipaddr)
        log local0. "Remove Session Entry $ipaddr:$tcpport ..."
        unset ::Connections($ipaddr)
    }
}
====================================================
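
Added example, not part of the original post: a variant of the rule above in which only the connection that created a session entry may remove it. It assumes CLIENT_CLOSED also runs for a connection that was rejected in CLIENT_ACCEPTED, in which case the posted rule would delete the entry of the still-active session; the `owner` variable is a hypothetical name introduced here.

```tcl
when RULE_INIT {
    # Same global array as the posted rule: source IP -> client port of the admitted session
    array set ::Connections { }
}
when CLIENT_ACCEPTED {
    set ipaddr [IP::remote_addr]
    set tcpPrt [TCP::client_port]
    # Per-connection flag (hypothetical name): 1 only if THIS connection created the entry
    set owner 0
    if { [info exists ::Connections($ipaddr)] } {
        set tcpport $::Connections($ipaddr)
        log local0. "Reject Client Session from $ipaddr:$tcpPrt - "
        log local0. " --> Session Entry $ipaddr:$tcpport, in progress ..."
        reject
        return
    }
    # No entry yet for this source address: admit the connection and record ownership
    set ::Connections($ipaddr) $tcpPrt
    set owner 1
    log local0. "Created Session Entry for $ipaddr:$tcpPrt ..."
}
when CLIENT_CLOSED {
    # A rejected connection has owner == 0 and leaves the admitted session's entry in place
    if { [info exists owner] && $owner && [info exists ::Connections($ipaddr)] } {
        set tcpport $::Connections($ipaddr)
        log local0. "Remove Session Entry $ipaddr:$tcpport ..."
        unset ::Connections($ipaddr)
    }
}
```

This keeps the post's global array; whether that array is shared across TMM instances depends on the BIG-IP version and CMP settings, which the post does not state.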