Forum Discussion

pds_71160's avatar
Icon for Nimbostratus rankNimbostratus
Oct 10, 2011

http throttle BEFORE reverse proxy/ NAT?

Would an http throttle iRule have priority (be executed before) reverse proxy or NAT configuration?







5 Replies

  • not sure if this is what you are looking for.



    sol9038: The order of precedence for local traffic object listeners




    if not, could you please explain a little bit more?
  • Hello,



    we are trying to limit traffic from clients who could issue too many requests in too short of a time.



    But we are not sure how an iRule script doing this limiting would interact with a reverse proxy for example.
  • Hi PDS,



    I believe that an iRule like this is what you are asking for:



    To answer your question about how the limiting would interact with a reverse proxy... It would depend on your setup. If you have multiple users that are NAT'ed into a single IP Address then you would need to engage something like a OneConnect profile to insure that each TCP Connection was treated as an individual user, so that subsequent requests would not get throttled (treating new users as requests as requests from an "existing" user). If you did that then it would limit the behavior of the iRule to that TCP Connect / Individual Client.



    Hope this helps.
  • I think PDS is asking if the throttling could be done before TMM translates the client IP to its own source IP. If that's the question, yes, you can throttle based on the original client IP. If you're throttling based on layer 4 connections you can use [IP::client_addr] to get the client IP in the CLIENT_ACCEPTED event. For HTTP request based throttling, you can throttle in the HTTP_REQUEST event.