Forum Discussion

AldoSergio's avatar
AldoSergio
Icon for Nimbostratus rankNimbostratus
Mar 18, 2026

F5 rate limiting with Irule

Hello,

I need to rate limit 2req/s on some specific url with irule. my F5 is behind a proxy, so i need to get client ip address with x-forwarded-for. can you share with me some irule?

Best regards

security

1 Reply

  • Injeyan_Kostas's avatar
    Injeyan_Kostas
    Icon for MVP rankMVP
    Mar 19, 2026

    Hello AldoSergio​ 

    you could try this

    when HTTP_REQUEST 
{
    set xff [HTTP::header "X-Forwarded-For"]
    
    if { $xff ne "" } 
	{
        set client_ip [lindex [split $xff ","] 0]
        set client_ip [string trim $client_ip]
    } 
	else 
	{
        set client_ip [IP::client_addr]
    }

    if { [HTTP::uri] starts_with "/your/protected/path" } 
	{
        set key "ratelimit_${client_ip}"
        set rate_limit 2
        set window 1

        set req_count [table lookup -notouch $key]

        if { $req_count eq "" } 
		{
            table set $key 1 $window $window
        } 
		elseif { $req_count < $rate_limit } 
		{
            table incr -notouch $key
        } 
		else 
		{
            HTTP::respond 429 content {
                <html><body><h1>429 Too Many Requests</h1>
                <p>Rate limit exceeded. Please slow down.</p></body></html>
            } "Content-Type" "text/html" \
              "Retry-After" "1"
            return
        }
    }
}