For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

mrintzler's avatar
mrintzler
Icon for Nimbostratus rankNimbostratus
Feb 04, 2008

iRule causing ever-increasing TMM CPU utilization

I've adapted an iRule written by Deb Allen to rate limit (in count, not in bps) PDF downloads from one of our web applications. It basically counts the number of PDF's downloaded in the past 10 secon...
application delivery
dev
devops
iRules
mrintzler's avatar
mrintzler
Icon for Nimbostratus rankNimbostratus
Feb 07, 2008
You're exactly right. That was my problem. When I first implemented a version of this iRule, it was keyed off of the end-users IP address. Most of our customers will have the same IP address indefinitely, or at least for a long time. When I modified the iRule for a different application, I keyed the users by their session cookie, which changes each time they log in. As you pointed out, I only wipe their history from the array when they come back to download, so if a user comes back an hour later with a different session ID, their old entries in the array will be stuck their forever.

 

 

I've added the following code to periodically wipe the array. Since this is only to prevent extreme robotic abuse situations, it's ok to periodically lose the history for the previous 10 seconds:

 


      if { $::totalPDF > $::refreshint } {
array unset ::pdfHistory
log local0. "$::refreshint downloads reached.  Resetting array"
set ::totalPDF 0
      }

 

 

Thanks for all the responses!