Forum Discussion
no-idea-what-im
Nimbostratus
Jul 02, 2014
Exponential backoff iRule and True-Client-IP HTTP header
Hi, I am working on using the exponential backoff iRule (https://devcentral.f5.com/wiki/irules.POST-Request-Exponential-Backoff.ashx) to help with some suspicious login attempts. The issue I ...
no-idea-what-im
Nimbostratus
Jul 02, 2014
I appreciate all of the help. It has given me some great ideas.
Here is what I have so far, in case anyone is interested. It seems to be working for me in my lab environment, but much more testing will need to happen.
I am sure it can be cleaned up and optimized, so feel free to do so if you are so inclined.
when RULE_INIT {
    set static::min_lockout 2
    set static::max_lockout 300
    set static::logging 1
}

priority 100
when HTTP_REQUEST {
    # True-Client-IP is used as sent; it is only reliable when an upstream proxy sets it
    if { [HTTP::header exists "True-Client-IP"] } {
        set trueclientip [HTTP::header "True-Client-IP"]
    } else {
        set trueclientip [IP::client_addr]
    }
    # Per-request values go in connection-local variables:
    # static:: variables are shared by every connection
    set session_id $trueclientip
    set state_table "[virtual name]-exp-backoff-state"
}

priority 200
when HTTP_REQUEST {
    if { [HTTP::uri] contains "signin" and [HTTP::method] eq "POST" } {
        set prev_attempts [table lookup -subtable $state_table $session_id]
        if { $prev_attempts eq "" } { set prev_attempts 0 }
        # exponential backoff - http://en.wikipedia.org/wiki/Exponential_backoff
        # (no shift on the first attempt, which would otherwise shift by -1)
        set new_lockout [expr { $prev_attempts > 0 ? (1 << ($prev_attempts - 1)) : 0 }]
        if { $new_lockout > $static::max_lockout } {
            set new_lockout $static::max_lockout
        } elseif { $new_lockout < $static::min_lockout } {
            set new_lockout $static::min_lockout
        }
        # Count this attempt and restart the entry's timeout with the new lockout
        table incr -subtable $state_table $session_id
        table timeout -subtable $state_table $session_id $new_lockout
        if { $static::logging > 0 } {
            log local0. "signin POST request ([expr { $prev_attempts + 1 }]) from $session_id received during lockout period, updating lockout to ${new_lockout}s"
        }
    }
}
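Added example, not part of the original post: a Python model of the lockout schedule the iRule above computes (`table incr` plus `table timeout`), together with one way to pick the session key that honours `True-Client-IP` only when the TCP peer is a known proxy. The `TRUSTED_PROXIES` list, the function and class names, and all sample addresses are assumptions made for illustration.

```python
import ipaddress

MIN_LOCKOUT, MAX_LOCKOUT = 2, 300          # seconds, as in RULE_INIT on the page
# Assumption: networks of the proxy/CDN that sets True-Client-IP (documentation range).
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.0/24")]


def client_key(peer_ip, headers):
    """Use True-Client-IP only when the TCP peer is a trusted proxy."""
    peer = ipaddress.ip_address(peer_ip)
    claimed = headers.get("True-Client-IP")
    if claimed and any(peer in net for net in TRUSTED_PROXIES):
        try:
            return str(ipaddress.ip_address(claimed.strip()))
        except ValueError:
            pass                            # malformed header: fall back to the peer
    return str(peer)


class BackoffTable:
    """Models the subtable: key -> (attempt count, expiry time)."""

    def __init__(self):
        self.entries = {}

    def record_attempt(self, key, now):
        count, expires = self.entries.get(key, (0, 0))
        if now >= expires:                  # entry timed out, history is gone
            count = 0
        lockout = (1 << (count - 1)) if count > 0 else 0
        lockout = max(MIN_LOCKOUT, min(MAX_LOCKOUT, lockout))
        # table incr + table timeout: bump the count, restart the timer
        self.entries[key] = (count + 1, now + lockout)
        return lockout


def demo():
    table = BackoffTable()
    # Constructed requests: one via the trusted proxy, one direct with the same header.
    via_proxy = client_key("192.0.2.10", {"True-Client-IP": "198.51.100.7"})
    direct = client_key("203.0.113.5", {"True-Client-IP": "198.51.100.7"})
    schedule = [table.record_attempt(via_proxy, t) for t in range(11)]
    after_idle = table.record_attempt(via_proxy, 10_000)
    return via_proxy, direct, schedule, after_idle


if __name__ == "__main__":
    print(demo())
```

With one attempt per second the lockout stays at the 2-second minimum for the first three attempts, doubles from there, and is capped at 300 seconds on the eleventh; once the entry times out the count starts again from zero.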
