Forum Discussion
How to block traffic coming to a particular URI based on the defined rate limit and connection limit
Hi, I have a requirement to block traffic coming to a particular URI for the LTM VIP based on the rate limit and connection limit defined by the application team.
The application team would like to see the number of connections coming to the URI and how many connections/packets are getting dropped by the iRule in the F5 logs.
We have LTM and ASM in our environment, but I have never dealt with ASM. Hence, any solution using an iRule will be appreciated.
- Sajin (Nimbostratus)
Just to add to my question above, here is the iRule I have written; I am looking for a modification to make the above requirement work:
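```tcl
when RULE_INIT {
    # Requests allowed per client IP within one window
    set static::maxRate 100
    # Window length in seconds
    set static::windowSecs 1
}
when HTTP_REQUEST {
    if { [HTTP::host] eq "test.abc.com" } {
        if { [HTTP::uri] starts_with "/common/xyz" } {
            # set variables
            set limiter [string tolower [HTTP::uri]]
            set clientip_limitervar [IP::client_addr]
            # Per-client request counter kept in the session table
            set key "ratelimit:$clientip_limitervar"
            set get_count [table lookup -notouch $key]
            if { $get_count eq "" } {
                # First request of a window: the entry expires after windowSecs
                set get_count 1
                table set $key $get_count indefinite $static::windowSecs
                log local0. "$limiter $get_count"
            } elseif { $get_count < $static::maxRate } {
                # -notouch keeps the increment from affecting the entry's expiry
                set get_count [table incr -notouch $key]
                log local0. "$limiter $get_count"
            } else {
                log local0. "$clientip_limitervar has exceeded the number of requests allowed."
                drop
                return
            }
        }
    }
}
```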
You are going the right way with the table command, so keep at it.
You can get ideas from my code for ASM rate limit:
- Sajin (Nimbostratus)
Hi Nikoolay, the traffic on the homepage and other URIs is also getting impacted with this iRule. I think I need to make some modifications to this rule.
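One way to meet both requirements from the original question (limit only the one URI, and have drop counts show up in the LTM log), written here as an added example and not code from any poster in this thread. The host, path, limit and window are the values from the posted iRule; the key names and the 60-second reporting period are assumptions.

```tcl
when RULE_INIT {
    # Limit and window are the values from the iRule posted above
    set static::maxRate 100
    set static::windowSecs 1
    # Assumption: drops are totalled per client over this many seconds
    set static::reportSecs 60
}
when HTTP_REQUEST {
    # Scope check first: any other host or path leaves the event here,
    # so the homepage and other URIs are never counted or dropped.
    if { [string tolower [HTTP::host]] ne "test.abc.com" } { return }
    if { !([string tolower [HTTP::path]] starts_with "/common/xyz") } { return }

    set ip [IP::client_addr]
    # Hypothetical key names, one pair of counters per client IP
    set hitKey "xyz_hits:$ip"
    set dropKey "xyz_drops:$ip"

    # table incr creates a missing entry with the value 1
    set hits [table incr $hitKey]
    if { $hits == 1 } {
        # First request of a window: the counter expires after windowSecs
        table lifetime $hitKey $static::windowSecs
    }
    if { $hits <= $static::maxRate } { return }

    # Over the limit: count the drop, then discard the request
    set drops [table incr $dropKey]
    if { $drops == 1 } {
        table lifetime $dropKey $static::reportSecs
    }
    # One log line per client per window, not one per dropped request
    if { $hits == $static::maxRate + 1 } {
        log local0. "rate limit: $ip over $static::maxRate req in $static::windowSecs s on [HTTP::path], $drops dropped in current $static::reportSecs s period"
    }
    drop
    return
}
```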