Forum Discussion

rajeshramhit_11
Sep 14, 2012

irule optimization suggestions required - ver 10.2.2 table commands - Dynamic rate limiting - for content blocking from source IP for particular path

Hi All,

Thanks to all of you who have been very active on these forums and providing solutions to F5 iRule coders.

I have been one of the beneficiaries of this and it has been great so far :)

After learning table commands post upgrade of our LTM to 10.2.2, I have been tasked to rate limit source IPs based on HTTP::path and provide a handle to the NOC team to clear those blocks manually.

I have been able to create the same with the code below.

Need to know if this is the best way to do this or if there is any optimization possible to save F5 CPU cycles.

All help and suggestions would be greatly appreciated. Hope this code also helps someone else out there in a similar situation -

Best Regards

Rajesh Tripathi

+919833891119

=========================================================

when RULE_INIT {
    # Length of the sliding window, in seconds
    set static::windowSecs 10
    # Requests allowed per source IP and path inside one window
    set static::maxquery 10
    # How long a block stays in place, in seconds
    set static::holdtime 600
}

when HTTP_REQUEST {
    switch [string tolower [HTTP::path]] {
        "/linkadmin" {
            # Status page listing the current blocks. Only the text of this
            # string survives in the post; the HTML tags are a minimal stand-in,
            # and the "clear" link target is assumed from the /cleardata case.
            set response "<html><head><title>Block List Tracking - [clock format [clock seconds]]</title></head><body>"
            append response "<h1>Blocked List Tracking</h1><p>[clock format [clock seconds]]</p>"
            append response "<table border=\"1\"><tr><th>Sr No.</th><th>IP : Http Path</th><th>Status</th><th>Manual Clear</th></tr>"
            set i 0
            foreach key [table keys -subtable "blacklist"] {
                incr i
                table add -subtable "cleardata" $key "blocked"
                append response "<tr><td>$i</td><td>$key</td><td>[table lookup -subtable "blacklist" $key]</td><td><a href=\"/cleardata?$key\">clear</a></td></tr>"
            }
            append response "</table></body></html>"
            HTTP::respond 200 Content $response "Content-Type" "text/html" "Cache-Control" "no-cache, must-revalidate"
        }
        "/cleardata" {
            # The query string is used directly as the blacklist key to delete
            set clear [HTTP::query]
            log local0. "clear query string $clear"
            table delete -subtable "blacklist" $clear
            log local0. "executed clear command"
            HTTP::redirect "http://[HTTP::host]/linkadmin"
        }
        default {
            set srcip [IP::remote_addr]
            set reqPATH [HTTP::path]
            if { [table lookup -subtable "blacklist" $srcip:$reqPATH] != "" } {
                # Source IP and path are currently blocked
                log local0. "Blocked IP: $srcip"
                HTTP::respond 200 content "Blocked Src IPBlocked for this IP $srcip and path - $reqPATH " "Content-Type" "text/html"
            } else {
                # Record this request as one entry in a per-IP, per-path subtable;
                # each entry expires after windowSecs, so the key count is the
                # number of requests in the current window
                set key "req:$srcip:$reqPATH"
                set reqnum [table incr "req:$srcip:$reqPATH"]
                set tbl "hitcount:$srcip:$reqPATH"
                table set -subtable $tbl $reqnum "ignored" indef $static::windowSecs
                if { [table keys -subtable $tbl -count] > $static::maxquery } {
                    # Over the limit: block this IP and path for holdtime seconds
                    table add -subtable "blacklist" $srcip:$reqPATH "blocked" indef $static::holdtime
                    set counter [table keys -subtable $tbl -count]
                    log local0. "Adding Requested Source IP to blocked list after $counter hits and deleting the subtable key $key and value of tabl $tbl"
                    table delete $key
                    HTTP::redirect "http://[HTTP::host][HTTP::uri]"
                    return
                } else {
                    set reqnumber [table keys -subtable $tbl -count]
                    pool dr_tcsion
                    log local0. "Allowed request count number - $reqnumber from $srcip for path $reqPATH and reqnum is $reqnum "
                }
            }
        }
    }
}
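
A variant of the two admin cases from the rule above, added here as an example and not part of the original post: it limits /linkadmin and /cleardata to a management range, escapes the stored key before writing it into the page, and deletes only keys that exist in the blacklist subtable. The static::adminNet value and the table markup are assumptions; the default (rate-limiting) case stays as posted.

```tcl
when RULE_INIT {
    # Assumed NOC management range (documentation prefix); use the real one.
    set static::adminNet "192.0.2.0/24"
}

when HTTP_REQUEST {
    set path [string tolower [HTTP::path]]
    if { $path eq "/linkadmin" || $path eq "/cleardata" } {
        # Listing and clearing blocks are admin actions: NOC range only.
        if { ![IP::addr [IP::client_addr] equals $static::adminNet] } {
            log local0. "Denied $path from [IP::client_addr]"
            HTTP::respond 403 content "Forbidden" "Content-Type" "text/plain"
            return
        }
    }
    switch $path {
        "/linkadmin" {
            set response "<html><body><table border=\"1\">"
            append response "<tr><th>Sr No.</th><th>IP : Http Path</th><th>Status</th><th>Manual Clear</th></tr>"
            set i 0
            foreach key [table keys -subtable "blacklist"] {
                incr i
                # The key holds a client-supplied path: HTML-escape it for
                # display and percent-encode it inside the link.
                set shown [string map [list & &amp; < &lt; > &gt; \" &quot;] $key]
                set status [table lookup -notouch -subtable "blacklist" $key]
                append response "<tr><td>$i</td><td>$shown</td><td>$status</td>"
                append response "<td><a href=\"/cleardata?[URI::encode $key]\">clear</a></td></tr>"
            }
            append response "</table></body></html>"
            HTTP::respond 200 content $response "Content-Type" "text/html" "Cache-Control" "no-cache, must-revalidate"
        }
        "/cleardata" {
            set clear [URI::decode [HTTP::query]]
            # Act only on keys that are actually on the block list.
            if { [table lookup -notouch -subtable "blacklist" $clear] ne "" } {
                table delete -subtable "blacklist" $clear
                log local0. "Block for $clear cleared by [IP::client_addr]"
            }
            HTTP::redirect "http://[HTTP::host]/linkadmin"
        }
    }
}
```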

 
