Forum Discussion
midhun_108442
Jan 21, 2012, Nimbostratus
Help needed to create an iRule to limit client connections
Hi,
Can anyone help us create an iRule to limit the number of client connections hitting a virtual server? I got the same iRule scenario on the DevCentral site for (iRule.Limit Connection from C...
hooleylist
Jan 24, 2012, Cirrostratus
You can take Thomas's logic and store the hosts and/or networks in a data group with the values set for the connection limit.
# Data group mapping hosts/networks to connection limit values
class conn_limit_dg {
    network 10.0.0.0/8 { "5" }
    network 192.168.0.0/16 { "5" }
    host 172.16.1.1 { "10" }
}
# From http://devcentral.f5.com/wiki/iRules.table.ashx
# Limit each client IP address to 20 concurrent connections
when CLIENT_ACCEPTED {
    # Max connections per client IP (-value returns the data group value, not just 1/0)
    set limit [class match -value [IP::client_addr] equals conn_limit_dg]
    # No data group entry for this client: use the default of 20 from the comment above
    if { $limit eq "" } { set limit 20 }
    # Set a subtable name with a standard prefix and the client IP
    set tbl "connlimit:[IP::client_addr]"
    # Use a key of the client IP:port
    set key "[IP::client_addr]:[TCP::client_port]"
    # Check if the subtable has over X entries
    if { [table keys -subtable $tbl -count] >= $limit } {
        log local0. "[IP::client_addr]:[TCP::client_port]: Rejecting connection ([table keys -subtable $tbl -count] connections / limit: $limit)"
        reject
    } else {
        # Add the client IP:port to the client IP-specific subtable
        # with a max lifetime of 1800 seconds (30min)
        table set -subtable $tbl $key "ignored" 1800
        log local0. "[IP::client_addr]:[TCP::client_port]: Allowing connection ([table keys -subtable $tbl -count] connections / limit: $limit)"
    }
}
when CLIENT_CLOSED {
    # When the client connection is closed, remove the table entry
    table delete -subtable $tbl $key
    log local0. "[IP::client_addr]:[TCP::client_port]: Decrementing ([table keys -subtable $tbl -count] connections / limit: $limit)"
}
Once you're done testing, make sure to comment out the log statements.
Aaron
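The limit lookup and per-client counting from the answer above, modeled in Python as an added example (not code from the thread and not an iRule) so a data group can be checked offline before it is deployed. It assumes the most specific host/network entry wins and that clients with no entry fall back to a default of 20; `lookup_limit`, `ConnLimiter` and `DEFAULT_LIMIT` are names introduced here.

```python
import ipaddress

# Constructed copy of the conn_limit_dg data group from the post above.
CONN_LIMIT_DG = {
    "10.0.0.0/8": 5,
    "192.168.0.0/16": 5,
    "172.16.1.1/32": 10,
}
DEFAULT_LIMIT = 20  # assumption: fallback for clients not in the data group


def lookup_limit(client_ip, dg=CONN_LIMIT_DG, default=DEFAULT_LIMIT):
    """Return the limit of the most specific matching host/network entry."""
    addr = ipaddress.ip_address(client_ip)
    matches = [(ipaddress.ip_network(net), lim) for net, lim in dg.items()
               if addr in ipaddress.ip_network(net)]
    if not matches:
        return default
    return max(matches, key=lambda m: m[0].prefixlen)[1]


class ConnLimiter:
    """Model of the per-client subtables keyed by "ip:port"."""

    def __init__(self, lifetime=1800):
        self.lifetime = lifetime
        self.subtables = {}  # client ip -> {"ip:port": expiry time}

    def _live(self, ip, now):
        # Drop entries past their lifetime, as the session table would.
        tbl = self.subtables.setdefault(ip, {})
        for key in [k for k, exp in tbl.items() if exp <= now]:
            del tbl[key]
        return tbl

    def accept(self, ip, port, now=0):
        """CLIENT_ACCEPTED: True if the connection is allowed."""
        tbl = self._live(ip, now)
        if len(tbl) >= lookup_limit(ip):
            return False
        tbl[f"{ip}:{port}"] = now + self.lifetime
        return True

    def close(self, ip, port, now=0):
        """CLIENT_CLOSED: remove the entry if present."""
        self._live(ip, now).pop(f"{ip}:{port}", None)

    def count(self, ip, now=0):
        return len(self._live(ip, now))
```

The `now` argument stands in for the clock, so the 1800-second expiry can be exercised without waiting.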