Forum Discussion
bezeqint
Mar 06, 2012Nimbostratus
iRule to mitigate attack
Hello,
I need to protect mail servers from a virus attack.
We have a network with users. Some of them are using the mail servers, some of them are attacking the mail servers. We see th...
hooleylist
Mar 07, 2012Cirrostratus
I did basic functional testing of this iRule. It would be great if you could do some performance testing for it and let me know if you see any issues. I'm particularly interested in seeing what increase in TMM CPU and memory utilization you see.
Thanks, Aaron
```tcl
# Purpose: Limit each client to X connections per second
when RULE_INIT {
    # Max number of connections per client IP per second
    set static::max_conns 10
    # Log debug to /var/log/ltm? 1=yes, 0=no
    set static::conn_debug 1
}
when CLIENT_ACCEPTED {
    # Use a subtable name specific to the client IP and current second
    set subtable "connlimit:[IP::client_addr]_[clock seconds]"
    # Add the client port to the client IP-specific subtable with a 2 second timer and timeout.
    # For counting we don't care if the subtable has extra entries as we move onto a new subtable every second.
    table set -subtable $subtable [TCP::client_port] "" 2 2
    if {$static::conn_debug}{log local0. "[IP::client_addr]:[TCP::client_port]: Added new key [TCP::client_port]\
        to table, $subtable, count: [table keys -subtable $subtable -count] / max: $static::max_conns"}
    # Check if the subtable has over X entries
    set count [table keys -subtable $subtable -count]
    if { $count >= $static::max_conns } {
        if {$static::conn_debug}{log local0. "[IP::client_addr]:[TCP::client_port]: Over limit count: $count / max: $static::max_conns"}
        # Drop the connection
        drop
        # Or apply a rateclass instead of dropping (uncomment and remove the drop above)
        #rateclass rateclass1
    }
}
```
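To see how the per-second subtable counting behaves before loading it onto a busy LTM, here is an added Python model of the same logic (not code from the thread, and not an F5 API): one fixed-window counter keyed by client IP and whole second, entries expiring after 2 seconds, and the same `>=` comparison after the insert. The client addresses, ports and timestamps are constructed. Two behaviours the iRule text does not spell out are visible in the test cases: because the count is taken after the new key is added, the tenth connection in a second is already dropped (so `max_conns 10` admits nine), and a burst straddling a second boundary can admit nearly twice the limit in a fraction of a second.

```python
from collections import defaultdict

MAX_CONNS = 10   # same meaning as static::max_conns in the iRule
ENTRY_TTL = 2    # same as the "2 2" timeout/lifetime on table set


class PerSecondConnLimiter:
    """Model of the iRule's CLIENT_ACCEPTED logic: a subtable per
    (client IP, current second), keyed by client source port."""

    def __init__(self, max_conns=MAX_CONNS, ttl=ENTRY_TTL):
        self.max_conns = max_conns
        self.ttl = ttl
        # subtable name -> {client_port: expiry_timestamp}
        self.tables = defaultdict(dict)

    @staticmethod
    def subtable_name(ip, now):
        # "connlimit:[IP::client_addr]_[clock seconds]"
        return f"connlimit:{ip}_{int(now)}"

    def _expire(self, now):
        """Emulate TMM discarding entries whose 2 second timer has run out."""
        for name in list(self.tables):
            table = self.tables[name]
            for port in [p for p, exp in table.items() if exp <= now]:
                del table[port]
            if not table:
                del self.tables[name]

    def accept(self, ip, port, now):
        """Return 'allow' or 'drop' for one new connection at time `now`."""
        self._expire(now)
        table = self.tables[self.subtable_name(ip, now)]
        table[port] = now + self.ttl          # table set -subtable ... port "" 2 2
        count = len(table)                    # table keys -subtable ... -count
        if count >= self.max_conns:           # checked after the insert, as in the iRule
            return "drop"
        return "allow"


def single_client_burst(n=12, ip="10.0.0.5", start=1000.0):
    """Constructed scenario: one client opens n connections inside one second."""
    lim = PerSecondConnLimiter()
    return [lim.accept(ip, 40000 + i, start + i * 0.05) for i in range(n)]


def boundary_burst(per_side=9, ip="10.0.0.7"):
    """Constructed scenario: per_side connections just before and just after
    a second boundary, 0.1 s apart in total."""
    lim = PerSecondConnLimiter()
    before = [lim.accept(ip, 50000 + i, 1000.95) for i in range(per_side)]
    after = [lim.accept(ip, 51000 + i, 1001.05) for i in range(per_side)]
    return before + after


if __name__ == "__main__":
    print("single second:", single_client_burst())
    print("across boundary:", boundary_burst())
```

The second scenario is the usual caveat of a fixed one-second window: if the attacking clients happen to burst around the boundary, the rule still admits up to 2 * (max_conns - 1) connections in well under a second, so size `max_conns` with that in mind or pair the rule with a rateclass for the overflow rather than relying on the drop alone.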