Forum Discussion
How to limit number of concurrent sessions per user IP on F5
Dear Gents,
I would like to ask how it is possible to restrict the number of concurrent TCP sessions per user source IP. Moreover, I am interested in whether it is possible to create a static list (just 10 IPs) of source IPs for which such a restriction is enforced. Any idea would be highly welcome. Many thanks, Regards, Andy
3 Replies
- Dario_Garrido
Noctilucent
Hello Andrej.
It's very simple to do it with APM.
But you can also do it with an iRule (there are many on DevCentral).
https://devcentral.f5.com/s/articles/limit-connections-from-client
KR,
Dario.
- Andrej_Krnac
Nimbostratus
Dario, many thanks for the nice references, but my concern is a bit more complex. I would like to restrict the number of TCP connections just for 5 dedicated IP addresses on the LAN network. I am looking for information on how to create a static list of IP addresses, or define those hosts for which I want to enforce a maximum number of TCP sessions. Other IPs outside the list would be unrestricted. Any idea how to define such a static IP list?
- Dario_Garrido
Noctilucent
This is very simple to do.
You can set a condition to not execute the additional code if the source IP doesn't match a data-group called "my_ip_dg".
```tcl
when CLIENT_ACCEPTED {
    # Skip the limiting logic for clients not listed in the data group
    if { not ( [class match [IP::client_addr] equals my_ip_dg] ) } { return }
}
when CLIENT_CLOSED {
    # Same guard on close, so unlisted clients are never touched
    if { not ( [class match [IP::client_addr] equals my_ip_dg] ) } { return }
}
```
If you have the chance, I recommend implementing your connection limit using table variables. Here is an example.
https://devcentral.f5.com/s/articles/advanced-irules-tables-20451
KR,
Dario.
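
The data-group guard and a table-based counter combined into one iRule, as an added example that is not part of the original posts or of the linked articles. It assumes `my_ip_dg` is an address-type data group holding the restricted source IPs; the limit of 10, the `connlimit:` subtable prefix and the timeout values are illustrative assumptions.

```tcl
# Added example: per-source-IP TCP connection limit, enforced only for
# addresses listed in the data group my_ip_dg (name taken from the thread).
when RULE_INIT {
    # Assumed values; tune for your environment.
    set static::max_conns 10       ;# concurrent connections allowed per listed IP
    set static::entry_ttl 180      ;# seconds before an untouched entry expires
    set static::refresh_ms 60000   ;# how often a live connection refreshes its entry
}

when CLIENT_ACCEPTED {
    # Addresses outside the data group are neither tracked nor limited.
    if { not [class match [IP::client_addr] equals my_ip_dg] } { return }

    # One subtable per client IP, one entry per open connection (keyed by source port).
    set tbl "connlimit:[IP::client_addr]"
    set key [TCP::client_port]

    if { [table keys -subtable $tbl -count] >= $static::max_conns } {
        # Log the refusal so repeated hits are visible in /var/log/ltm.
        log local0.notice "connlimit: rejecting [IP::client_addr], limit $static::max_conns reached"
        reject
        return
    }

    table set -subtable $tbl $key 1 $static::entry_ttl
    # Touch the entry periodically so it outlives entry_ttl while the connection is open.
    set timer [after $static::refresh_ms -periodic { table lookup -subtable $tbl $key }]
}

when CLIENT_CLOSED {
    # timer exists only for connections that were counted above;
    # unlisted and rejected clients fall through without touching the table.
    if { [info exists timer] } {
        after cancel $timer
        table delete -subtable $tbl $key
    }
}
```

The entry timeout acts as a safety net: if a connection's state is lost without `CLIENT_CLOSED` running, its entry expires after `entry_ttl` seconds instead of counting against the client indefinitely.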