I need an iRule to decline/refuse an incoming TCP session from a source to a VIP (IP address/port)
I need an iRule to decline/refuse an incoming TCP session from a source to a VIP (IP address/port) if that source already has "n" connections open. I am using a Fast Layer 4 LTM configuration.
So for every incoming TCP SYN from a /32 source to a VIP (destination IP and port):
-> the iRule should verify the amount of open connections from that source to the VIP it requests a connection for (destination IP and port)
-> if the amount of "open" connections is lower than a configured value -> the connection is allowed
-> if the amount of "open" connections is higher than a configured value -> the connection is refused
As I am not used to creating iRules I am a bit lost. PS: I don't have ASM on the F5.
Can someone help please?
I plan to use this:
# Limit each client IP address to 20 concurrent connections
when CLIENT_ACCEPTED {
    # Reject if the subtable for this client IP already holds 20 entries
    if { [table keys -subtable connlimit:[IP::client_addr] -count] >= 20 } {
        reject
    } else {
        # Add the client IP:port to the client IP-specific subtable
        # with a 180 second timeout
        table set -subtable connlimit:[IP::client_addr] [TCP::client_port] "" 180
    }
}
when CLIENT_CLOSED {
    # When the client connection is closed, remove the table entry
    table delete -subtable connlimit:[IP::client_addr] [TCP::client_port]
}
https://community.f5.com/t5/technical-articles/advanced-irules-tables/ta-p/290369
https://clouddocs.f5.com/api/irules/table.html#:~:text=If%20no%20timeout%20is%20specified,timeout%20will%20not%20be%20changed.
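The snippet above keys its subtable on the client address only, so all of a source's connections to every VIP share one counter. The question asks for the limit per source and per VIP (destination IP and port). The following is an added example, not the poster's code and not taken from the linked F5 articles; it assumes a FastL4 virtual server (where CLIENT_ACCEPTED and CLIENT_CLOSED fire once per TCP connection) and that the variable names static::max_conn_per_src and static::conn_timeout and the subtable name prefix are free to choose:

```tcl
# Added example: limit concurrent TCP connections per (source IP, VIP IP:port).
# The static:: names and the "connlimit" subtable prefix are assumptions.

when RULE_INIT {
    # Maximum concurrent connections allowed from one /32 source to one VIP
    set static::max_conn_per_src 20
    # Idle timeout (seconds) for a tracking entry, so a connection whose
    # CLIENT_CLOSED never fires (e.g. after a failover) cannot pin the counter
    set static::conn_timeout 180
}

when CLIENT_ACCEPTED {
    # IP::local_addr / TCP::local_port are the virtual server's address and
    # port on the client side, so each (source, VIP) pair gets its own subtable
    set subtable "connlimit:[IP::client_addr]:[IP::local_addr]:[TCP::local_port]"

    if { [table keys -subtable $subtable -count] >= $static::max_conn_per_src } {
        # Limit reached: send a TCP RST to the client
        reject
    } else {
        # Track this connection by its client source port; the value is unused.
        # Each new connection refreshes nothing else, so the timeout is per entry.
        table set -subtable $subtable [TCP::client_port] "" $static::conn_timeout
    }
}

when CLIENT_CLOSED {
    # $subtable set in CLIENT_ACCEPTED is still in scope for this connection.
    # Deleting a key that was never added (a rejected connection) is harmless.
    table delete -subtable $subtable [TCP::client_port]
}
```

With >= the source gets exactly static::max_conn_per_src connections to a given VIP and the next SYN is reset. The session table is shared across TMMs, so the count is device-wide rather than per core, and the timeout is the safety net against entries that outlive their connection.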