Forum Discussion

Nimbostratus

Jul 02, 2014

Exponential backoff iRule and True-Client-IP HTTP header

Hi, I am working on using the exponential backoff iRule (https://devcentral.f5.com/wiki/irules.POST-Request-Exponential-Backoff.ashx) to help with some suspicious login attempts. The issue I ...

Employee

Jul 02, 2014

If I may elaborate, you can move all of the logic in the CLIENT_ACCEPTED event into the HTTP_REQUEST event, and then you have access to the HTTP headers. The beauty of these OSI-based events is that data collected in lower level events is available in upper level events. You can't see HTTP headers in CLIENT_ACCEPTED, because you're still at layer 4. But you can see IP and port information in HTTP_REQUEST because you're at layer 7 and all of the layer 4 data is accessible.

You also should not be using global static variables to hold state_table and session_id values. Those should just be regular variables.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Exponential backoff iRule and True-Client-IP HTTP header

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

POST Request Exponential Backoff

Implementing The Exponential Backoff Algorithm To Thwart Dictionary Attacks

Akamai True-Client-IP Header Persistence

Cloudflare True-Client-IP as Persistence

AKAMAI True-Client-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS