Forum Discussion

dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
Nov 20, 2015

iRule to store cookie in table

Hi,   I am really iRule novice and so any advice, pointing in right direction will be of great help for me. I am short on time and have to create iRule with following logic:   Service behind F...
cookies
iRules
LTM
request limiting
security
dragonflymr's avatar
dragonflymr
Icon for Cirrostratus rankCirrostratus
Nov 20, 2015

I found such iRule:

 Limit each client IP address to 20 concurrent connections

when CLIENT_ACCEPTED {
 Check if the subtable has over 20 entries
    if { [table keys -subtable connlimit:[IP::client_addr] -count] >= 20 } {
        reject
    } else {
         Add the client IP:port to the client IP-specific subtable 
         with a max lifetime of 180 seconds
        table set -subtable connlimit:[IP::client_addr] [TCP::client_port] "" 180
    }
}

when CLIENT_CLOSED {
     When the client connection is closed, remove the table entry
    table delete -subtable connlimit:[IP::client_addr] [TCP::client_port]
}

What I don't get is

[table keys -subtable connlimit:[IP::client_addr] -count] >= 20

and

table set -subtable connlimit:[IP::client_addr] [TCP::client_port] "" 180

Counting seems to be performed on subtable named connlimit:[IP::client_addr] but adding keys is performed on subtable that seems to be named connlimit:[IP::client_addr] [TCP::client_port].

What's going on here?

Piotr