Forum Discussion
Sajin
Nimbostratus
NimbostratusHow to block traffic coming to particular URI based on the defined rate limit and connection limit
Hi, I have a requirement to block traffic coming to particular URI for the LTM VIP based on the rate limit and connection limit defined by application team. Application team would like to see the nu...
SajinNimbostratus
NimbostratusJust to add on my above question, here is the iRule I have written and looking for a modification to make the above requirement work:
when RULE INIT {
set static::maxRate 100
set static: windowSecs 1
}
when HTTP REQUEST {
if { ([HTTP::host] eq "test.abc.com") } {
if { ([HTTP::uri] starts with "/common/xyz" ) }
{
set variables
set limiter [string tolower [HTTP: uri]]
set clientip limitervar [IP: :client_addr]
if { $get count < $static::maxRate } {
incr get count 1
log local0. get count
table set $get_count indefinite $static: :windowsecs
} } else {
log local0. "Sclientip_limitervar has exceeded the number of requests allowed." drop
return
}
}
}
Nikoolayy1
MVP
MVPYou are going in the right way with the table command, so keep at it.
You can get ideas from my code for ASM rate limit:
- Sajin
Hi Nikoolay, the traffic on the homepage and other URI's also getting impacted with this iRule. I think need to have some modifications on this rule.
- Nikoolayy1
I gave you my irule as an example about how to make yours not as a copy/paste solution. In my irule on some places, I have not added or uncommented added "if { [class match [HTTP::uri] equals URIs_to_throttle] } {" also this device group should include URI that you want to limit the requests to.
if { ! ( [class match $cIP_addr equals ip_whitelist] ) && ( [class match [HTTP::uri] equals URIs_to_throttle] )} {