Forum Discussion

Nimbostratus

Dec 04, 2015

iRule - URI/Referer Rate limit per minute

Dears, We have a customer which is getting some troubles with access coming from an specific referer/uri. These access are overloading the application, causing a lot of troubles to the business. ...

Historic F5 Account

Dec 06, 2015

The problem is that you are creating a record with an "indefinite" timeout period meaning, it will never go away.

The idea is that once a record is created for a URI in your case, that record should expire and automatically get deleted after a period of no Hits (when the URI is not seen/used).

So, change this command:

table set -subtable $limiter $get_count $limiter indefinite $static::windowSecs

Make it look like this:

table set -subtable $limiter $get_count $limiter $static::windowSecs $static::windowSecs

Here is a link to a throttling irule very similar to the one you are using:

https://devcentral.f5.com/codeshare/http-request-throttle

Note: The iRule provided at the link does not use subtables and, rather than adding records and counting them, it increments the value held within a record. This is a much better approach. Better performance and saves a lot of memory. Also the iRule at the link throttles by IP address, it should be easy for you to modify it to throttle by URI. Your iRule may cause the Bigip to run out of memory under extremely heavy Load.

HTH

Bruno_Esteves_2
Nimbostratus
Dec 09, 2015
Hi John, Thank you for your time. I tried adjust the table set like you said, but didn't work. It's possible see on var/log/ltm the increasing of get_count? I'm going to test this throttling irule today and see If everything works fine. Thanks. Bruno