Forum Discussion

Nimbostratus

1 day ago

F5 rate limiting with Irule

Hello, I need to rate limit 2req/s on some specific url with irule. my F5 is behind a proxy, so i need to get client ip address with x-forwarded-for. can you share with me some irule? Best regards

Injeyan_Kostas

MVP

3 hours ago

Hello AldoSergio

you could try this

when HTTP_REQUEST 
{
    set xff [HTTP::header "X-Forwarded-For"]
    
    if { $xff ne "" } 
	{
        set client_ip [lindex [split $xff ","] 0]
        set client_ip [string trim $client_ip]
    } 
	else 
	{
        set client_ip [IP::client_addr]
    }

    if { [HTTP::uri] starts_with "/your/protected/path" } 
	{
        set key "ratelimit_${client_ip}"
        set rate_limit 2
        set window 1

        set req_count [table lookup -notouch $key]

        if { $req_count eq "" } 
		{
            table set $key 1 $window $window
        } 
		elseif { $req_count < $rate_limit } 
		{
            table incr -notouch $key
        } 
		else 
		{
            HTTP::respond 429 content {
                <html><body><h1>429 Too Many Requests</h1>
                <p>Rate limit exceeded. Please slow down.</p></body></html>
            } "Content-Type" "text/html" \
              "Retry-After" "1"
            return
        }
    }
}

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)