Connection Limit iRule not rejecting concurrent sessions as expected

Hi ocnsinc,

It looks like you've got the right idea here. One tip that will make things a lot easier for you will be to use the table command in place of an array. The TCL array with get initialize on every new connection therefore it won't maintain its contents across multiple connections. Each connection will have an array in memory with different contents. For this reason you cannot track connections using an array. A table however is stored in memory and is shared amongst all connections and TMM instances on the BIG-IP. Here is an iRule that is very similar to the one you wrote. It should provide the intended result:

when RULE_INIT {
     lifetime (in seconds) of connection tracker record(s), maximum length of time connection will be tracked if connection is not explicitly closed
    set static::lifetime 600
    
     logging - 0 = off, 1 = on; disable unless testing
    set static::logging 0
}

when CLIENT_ACCEPTED {
    set static::table_name [virtual name]_connection_tracker
    set conn [table lookup -subtable $static::table_name [IP::remote_addr]]

    if { $conn ne "" } {
         client already has an active connection, rejecting subsequent connection
        reject
        if { $static::logging == 1 } { log local0. "Rejecting connection from [IP::remote_addr]" }
    } else {
        table add -subtable $static::table_name [IP::remote_addr] 1 indef $static::lifetime
        if { $static::logging == 1 } { log local0. "Adding connection for [IP::remote_addr] to tracker" }
    }
}

when CLIENT_CLOSED {
    table delete -subtable $static::table_name [IP::remote_addr]
    if { $static::logging == 1 } { log local0. "Removing connection for [IP::remote_addr] from tracker" }
}

Hope that helps,

-George