Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Icon for Nimbostratus rank

Nimbostratus

Nov 14, 2011

Exponential back off on failed logins

I'm trying to implement an exponential back off to thwart dictionary attacks. I'm currently being hit by over 5,000+ unique IPs, so linear rate limiting is not an effective solution.

http://en.wikipedia.org/wiki/Exponential_backoff

Using the algorithm below, where 'T' is seconds before they can attempt another login and 'c' is the number of failed attempts.

T(c) = (2^c -1) / 2

I'm comfortable with general iRule aspects but tying in time with subtables is throwing me for a loop. If anyone wants to give it a crack, for simplicity write an exponential back off for any POST request.

application delivery

3 Replies

No RepliesBe the first to reply

AppWorld Berlin iRules Contest!

DevCentral News

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

DevCentral News

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5