iRule that will limit connections

Hi

 

 

I am trying to implement a very similar setup, I was finding that the client_close was triggering for both active clients and those being redirected, so I put a HTTP::close and a TCP::close after the redirect with an increment of the current active users thus triggering the client close and decrementing it again, this seemed to solve that issue.

 

 

My current problem is that client browser triggers the client_close after a period of inactivity (it seems to happen at different times for different browsers) at this point the number of active users gets decremented allowing a new user in, but the session cookie for the first user is still present so they can still gain access also, thus bursting the caps.

 

 

Any pointers anyone could give me with this would be gratefully received. See my irule below.

 

 

Thanks

 

 

David

 

 

when RULE_INIT {

 

set ::total_active_clients 0

 

set ::max_active_clients 1

 

log local0. "rule session_limit initialized: total/max: $::total_active_clients/$::max_active_clients"

 

}

 

when CLIENT_ACCEPTED {

 

log local0. "Client accepted"

 

log local0. "active clients $::total_active_clients"

 

}

 

when HTTP_REQUEST {

 

log local0. "current active clients $::total_active_clients"

 

; test cookie presence

 

if {[HTTP::cookie exists "ClientID"]} {

 

log local0. "active user with cookie making http request"

 

set need_cookie 0

 

set client_id [HTTP::cookie "ClientID"]

 

; if cookie not present & connection limit not reached, set up client_id

 

} else {

 

if {$::total_active_clients < $::max_active_clients} {

 

log local0. "http request from new client access granted. cookie set."

 

set need_cookie 1

 

set client_id [format "%08d" [expr { int(100000000 * rand()) }]]

 

log local0. "current active clients $::total_active_clients"

 

log local0. "new active client"

 

incr ::total_active_clients

 

log local0. "current active clients $::total_active_clients"

 

; otherwise redirect

 

} else {

 

log local0. "http request from non active connection denied"

 

HTTP::redirect "http://www.google.com"

 

incr ::total_active_clients

 

log local0. "attempting to close connection"

 

catch HTTP::close

 

catch TCP::close

 

return

 

}

 

}

 

}

 

when HTTP_RESPONSE {

 

; insert cookie if needed

 

if {$need_cookie == 1} {

 

HTTP::cookie insert name "ClientID" value $client_id

 

}

 

}

 

when CLIENT_CLOSED {

 

; decrement current connection counter for this client_id

 

log local0. "current active clients $::total_active_clients"

 

log local0. "client closed"

 

log local0. [IP::remote_addr]

 

if {$::total_active_clients > 0} {

 

log local0. "decremeting active clients"

 

incr ::total_active_clients -1

 

}

 

log local0. "current active clients

 

$::total_active_clients"

 

}