For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
Dec 14, 2015

iRule - which option is better performance wise

Hi,   I need to reject request when given number of concurrent HTTP session is created (based on session cookie). So above limit I should not accept more requests.   I wonder which way will be le...
devops
http
iRules
LTM
performance
dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
Dec 14, 2015

Hmm,

I am not so sure about CLIENT_DATA after HTTP_REQUEST - at least it's not explicitly stated like that in article. I think HTTP_REQUEST_DATA might occur after HTTP_REQUEST.

I tried setting all three events and log execution. result is:

Dec 14 14:45:30 bigip11 info tmm1[5640]: Rule /Common/http_payload_v2 : CLIENT_ACCEPTED
Dec 14 14:45:30 bigip11 info tmm1[5640]: Rule /Common/http_payload_v2 : CLIENT_DATA
Dec 14 14:45:30 bigip11 info tmm1[5640]: Rule /Common/http_payload_v2 : HTTP_REQUEST

Not 100% sure if order of logging = order of execution but it sounds logical.

Piotr

  • Kai_Wilke's avatar
    Kai_Wilke
    Icon for MVP rankMVP
    Dec 14, 2015
    I don't think that CLIENT_DATA is triggered after HTTP_REQUEST, since CLIENT_DATA has been used in the past to parse SNI information during SSL-Handshakes (which obvouisly happens before any HTTP data is send). The lovely HTTP-Flow diagram does also states that CLIENT_DATA happend right before HTTP is getting parsed... https://devcentral.f5.com/s/feed/0D51T00006i7X94SAE