http throttle BEFORE reverse proxy/ NAT?

not sure if this is what you are looking for.

 

 

sol9038: The order of precedence for local traffic object listeners

 

http://support.f5.com/kb/en-us/solutions/public/9000/000/sol9038.html

 

 

if not, could you please explain a little bit more?

Hello,

 

 

we are trying to limit traffic from clients who could issue too many requests in too short of a time.

 

 

But we are not sure how an iRule script doing this limiting would interact with a reverse proxy for example.

Hi PDS,

 

 

I believe that an iRule like this is what you are asking for: http://devcentral.f5.com/wiki/iRules.HTTPRequestThrottle.ashx

 

 

To answer your question about how the limiting would interact with a reverse proxy... It would depend on your setup. If you have multiple users that are NAT'ed into a single IP Address then you would need to engage something like a OneConnect profile to insure that each TCP Connection was treated as an individual user, so that subsequent requests would not get throttled (treating new users as requests as requests from an "existing" user). If you did that then it would limit the behavior of the iRule to that TCP Connect / Individual Client.

 

 

Hope this helps.

I think PDS is asking if the throttling could be done before TMM translates the client IP to its own source IP. If that's the question, yes, you can throttle based on the original client IP. If you're throttling based on layer 4 connections you can use [IP::client_addr] to get the client IP in the CLIENT_ACCEPTED event. For HTTP request based throttling, you can throttle in the HTTP_REQUEST event.

 

 

http://devcentral.f5.com/wiki/iRules.client_accepted.ashx

 

http://devcentral.f5.com/wiki/iRules.http_request.ashx

 

http://devcentral.f5.com/wiki/iRules.ip__client_addr.ashx

 

 

Aaron

ok, fantastic, I've got all I need!