Exponential back off on failed logins

when RULE_INIT {  set static::min_timeout 2  set static::max_timeout 86400  set static::debug 1}when CLIENT_ACCEPTED {  set static::session_id "[IP::remote_addr]:[TCP::remote_port]"  set static::state_table "[virtual name]-exp-backoff-state"}when HTTP_REQUEST {  if { [HTTP::method] eq "POST" } {    set prev_attempts [table lookup -subtable $static::state_table $static::session_id]    if { $prev_attempts > 0 } {       exponential backoff - http://en.wikipedia.org/wiki/Exponential_backoff      set new_timeout [expr (((1 << $prev_attempts)-1)/2)]      if { $new_timeout > $static::max_timeout } {        set new_timeout $static::max_timeout      } elseif { $new_timeout < $static::min_timeout } {        set new_timeout $static::min_timeout      }      table incr -subtable $static::state_table $static::session_id      table timeout -subtable $static::state_table $static::session_id $new_timeout        if { $static::debug > 0 } {        log local0. "POST request from $static::session_id received during lockout period, updating timeout to ${new_timeout}s"      }       send TCP reset to client      reject       alternatively respond with content - http://devcentral.f5.com/wiki/iRules.HTTP__respond.ashx       HTTP::respond 200 content     } else {      table add -subtable $static::state_table $static::session_id 1 $static::min_timeout      if { $static::debug > 0 } {        log local0. "Added $static::session_id to exponential backoff state table"      }    }  }}

Hi bmeshier,

If you're still working on implementing this algo, I wrote a tech tip and an updated iRule for it. Check it out here: http://devcentral.f5.com/Tutorials/...tacks.aspx

-George