For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

MSD_64294's avatar
MSD_64294
Icon for Nimbostratus rankNimbostratus
Oct 12, 2011

HTTP Request Throttle iRule help

Can anyone help me to understand how the 2nd iRule in the below page works     http://devcentral.f5.com/wiki/iRules.HTTPRequestThrottle.ashx       will that iRule only work for the ips ...
application delivery
dev
devops
iRules
John_Alam_45640's avatar
John_Alam_45640
Historic F5 Account
Oct 18, 2011
Your best bet is i-Rule 1.

 

 

Her is a version of i-Rule 1 that throttles all requests:

 

 

This is a complete rewrite that is CMP-friendly, see older TMOS v9 code below.

 

 

Request Throttling

 

 

This I-Rule allows only "maxRate" HTTP requests within "windowSecs" interval.

 

This version defaults to limiting POSTs. If you need to limit GETs and/or POSTs

 

See notes below.

 

It is possible to limit on a user basis. See notes below.

 

 

CMP compatible: Yes

 

 

This rule requires:

 

A default pool so that the session table can be used

 

 

05/20/2010, Irule revised to use CMP compatible commands.

 

- "static" is added to global variable names.

 

- arrays replaced with subtables.

 

 

This rule developed on:

 

TMOS v10.1.0 build 3341.0

 

LTM

 

 

 

 

when RULE_INIT {

 

set static::maxRate 5

 

set static::windowSecs 2

 

set static::timeout 30

 

}

 

 

when HTTP_REQUEST {

 

 

This I-Rule limits "POST" requests, if you want to limit GETs instead, replace

 

"POST" with "GET" in if statement below.

 

If you want to limit all types or requests, remove this "if" statement below as well as its

 

Corresponding curly bracket '\}' on or around line 67 clearly maked with a comment.

 

 

 

set myUserID "user"

 

 

set currentTime [clock seconds]

 

set windowStart [expr {$currentTime - $static::windowSecs}]

 

set postCount 0

 

 

PH stands for posthistory, a term from the original irule.

 

 

log -noname local0. "Table Keys [table keys -subtable 'PH:${myUserID}.${AES_key}']"

 

 

foreach { requestTime } [table keys -subtable "PH:${myUserID}"] {

 

count POSTs with start time > $windowStart, delete the rest

 

if { $requestTime > $windowStart } {

 

incr postCount 1

 

} else {

 

table delete -subtable "PH:${myUserID}" $requestTime

 

}

 

}

 

 

if { $postCount < $static::maxRate } {

 

add new record to array w/myUserID.rand + currentTime

 

set requestID "PH:${myUserID}"

 

table set -subtable $requestID $currentTime "ignored" $static::timeout

 

} else {

 

log -noname local0. "POST Rejected: current postCount for ${myUserID}: $postCount"

 

HTTP::respond 501 content "Request blockedExceeded requests/sec limit."

 

return

 

}

 

 

}