Forum Discussion
Hello Andrej.
It's very simple to do it with APM
But you can use it also with an iRule (there are many on devcentral).
https://devcentral.f5.com/s/articles/limit-connections-from-client
KR,
Dario.
- Andrej_KrnacNimbostratus
Dario many thanks for nice references but my concern is a bit more complex. I would like to restrict number of TCP connection just for dedicated 5 IP addresses on LAN network. I am looking for information how to create some static list of IP@ or define those host for which I just want enforce maximum number of TCP sessions. Other IP outside of list would be unrestricted. Any idea how to define such static IP list?
This is very simple to get it.
You can set a condition to not execute the additional code if the source IP doesn't match a data-group called "my_ip_dg".
when CLIENT_ACCEPTED { if { not ( [class match [IP::client_addr] equals my_ip_dg] ) } { return } } when CLIENT_CLOSED { if { not ( [class match [IP::client_addr] equals my_ip_dg] ) } { return } }
If you have the chance, I recommend you to implement your connection limit using table variables. Here an example.
https://devcentral.f5.com/s/articles/advanced-irules-tables-20451
KR,
Dario.