Forum Discussion
How to block traffic coming to particular URI based on the defined rate limit and connection limit
Just to add on my above question, here is the iRule I have written and looking for a modification to make the above requirement work:
when RULE INIT {
set static::maxRate 100
set static: windowSecs 1
}
when HTTP REQUEST {
if { ([HTTP::host] eq "test.abc.com") } {
if { ([HTTP::uri] starts with "/common/xyz" ) }
{
set variables
set limiter [string tolower [HTTP: uri]]
set clientip limitervar [IP: :client_addr]
if { $get count < $static::maxRate } {
incr get count 1
log local0. get count
table set $get_count indefinite $static: :windowsecs
} } else {
log local0. "Sclientip_limitervar has exceeded the number of requests allowed." drop
return
}
}
}
- Nikoolayy1Jan 14, 2023MVP
You are going in the right way with the table command, so keep at it.
You can get ideas from my code for ASM rate limit:
- SajinJan 26, 2023Nimbostratus
Hi Nikoolay, the traffic on the homepage and other URI's also getting impacted with this iRule. I think need to have some modifications on this rule.
- Nikoolayy1Jan 31, 2023MVP
I gave you my irule as an example about how to make yours not as a copy/paste solution. In my irule on some places, I have not added or uncommented added "if { [class match [HTTP::uri] equals URIs_to_throttle] } {" also this device group should include URI that you want to limit the requests to.
if { ! ( [class match $cIP_addr equals ip_whitelist] ) && ( [class match [HTTP::uri] equals URIs_to_throttle] )} {
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com