Forum Discussion
spalande
Nacreous
NacreousiRule to allow only POST method
I'm using iRule from wiki page where need to throttle http requests also need to allow only POST requests, others should be dropped. throttling works great but having issue with dropping other http methods. Also have requirement where F5 should return failure response with a randomized ‘retry-after’ value. Pls help.
iRule used is below
when RULE_INIT {
set static::maxRate 10
set static::windowSecs 3
set static::timeout 30
}
when HTTP_REQUEST {
set method [HTTP::method]
log local0. "http request is of $method"
if { $method eq "POST" } {
return
set postCount [table key -count -subtable [IP::client_addr]]
log local0. "postCount=$postCount"
if { $postCount < $static::maxRate } {
incr postCount 1
table set -subtable [IP::client_addr] $postCount "ignore" $static::timeout $static::windowSecs
log local0. "This user $user has exceeded the number of requests allowed."
HTTP::respond 501 content "Request blockedExceeded requests/sec limit."
} else {
drop }
}
}
2 Replies
IheartF5_45022Try this;
when RULE_INIT { set static::maxRate 10 set static::windowSecs 3 set static::timeout 30 } when HTTP_REQUEST { set method [HTTP::method] log local0. "http request is of $method" if { $method eq "POST" } { set postCount [table key -count -subtable [IP::client_addr]] log local0. "postCount=$postCount" if { $postCount < $static::maxRate } { incr postCount 1 table set -subtable [IP::client_addr] [expr {int (rand() * 10000)}] "ignore" $static::timeout $static::windowSecs return } else { log local0. "This user $user has exceeded the number of requests allowed." HTTP::respond 501 noserver Content "Request blockedExceeded requests/sec limit." Retry-After [expr {int (rand() * 100)}] return } } else { Return "Method not allowed" HTTP::respond 405 noserver return } }
spalandeMany thanks IheartF5. Can you please do 1 last favor and explain part
HTTP::respond 501 noserver Content "Request blockedExceeded requests/sec limit." Retry-After [expr {int (rand() * 100)}]
