Forum Discussion

____177053's avatar
____177053
Icon for Cirrus rankCirrus
Sep 20, 2017

How to limit http request rate

I wants to limit http request rate for some of URIs such as "/a" "/b" "/c",and I wrote one but it didn't work:   when HTTP_REQUEST { set start_time [clock seconds] set reqs_sec 0 if { [HTTP::reque...
application delivery
iRules
  • ____177053's avatar
    ____177053
    Sep 20, 2017

    This one works! when HTTP_REQUEST {

    set lrqst 10
set ltime 10
set rtime 5
if {[table lookup -notouch -subtable "blacklist" [HTTP::uri]] != "" }{
    reject
    log local0.warn "reject"
}
elseif { [table lookup -notouch -subtable "clientxdlist" [HTTP::uri]] == "" }{
    table set -subtable "clientxdlist" [HTTP::uri] 1 indefinite $ltime
}
elseif { [table lookup -notouch -subtable "clientxdlist" [HTTP::uri]] < $lrqst}{
    table incr -subtable "clientxdlist" [HTTP::uri]
}
else {
    table set -subtable "blacklist" [HTTP::uri] 1 indefinite $rtime
}

    }

Jad_Tabbara__J1's avatar
Jad_Tabbara__J1
Icon for Cirrostratus rankCirrostratus
Sep 20, 2017

Hi,

I think the following confition in your irule never match 

    if { [clock seconds] == $start_time } { 
        log local0. "time:$start_time" 
        if { $reqs_sec > 3 } { 
        reject 
        log local0. "reject from [IP::client_addr]" 
        } 
        incr reqs_sec 
        return 
    }

Review this one. Indead "[clock seconds]" will return the clock in second at the time execute and your variable $start_time was set before, so it will never match...