Forum Discussion

Satoshino's avatar
Satoshino
Icon for Cirrus rankCirrus
Apr 30, 2021

Irule Trigger two times

Hi, I created this irule in order to set rate limit based on source IP: when RULE_INIT {     set static::maxRate 4     set static::windowSecs 10     log local0. "Var Creation"      }   when HTTP_R...
devops
iRules
LTM
  • jaikumar_f5's avatar
    jaikumar_f5
    Apr 30, 2021

    Looking at the logs at glance, its actually 2 requests not 1 requests.

    You are stating the below is just 1 request.

    first request:
Apr 30 10:06:24 F5SecLab info tmm[11625]: Rule /Common/Rate_Limit_Irule <HTTP_REQUEST>: 192.168.19.12
Apr 30 10:06:24 F5SecLab info tmm[11625]: Rule /Common/Rate_Limit_Irule <HTTP_REQUEST>: 0 before increase
Apr 30 10:06:24 F5SecLab info tmm[11625]: Rule /Common/Rate_Limit_Irule <HTTP_REQUEST>: 1 after increase
Apr 30 10:06:25 F5SecLab info tmm[11625]: Rule /Common/Rate_Limit_Irule <HTTP_REQUEST>: 192.168.19.12
Apr 30 10:06:25 F5SecLab info tmm[11625]: Rule /Common/Rate_Limit_Irule <HTTP_REQUEST>: 1 before increase
Apr 30 10:06:25 F5SecLab info tmm[11625]: Rule /Common/Rate_Limit_Irule <HTTP_REQUEST>: 2 after  increase

    But if we look at the Irule of yours, in HTTP_REQUEST event, your 1st piece of code itself is logging the client ip [IP::client_addr]. Comparing that with the above logs, we can see that it got triggered twice in line 2 & line 5, so its actually 2 HTTP_REQUEST not one. You may think its 1 request, but its actually 2.

    May be there was some image, html, json resource references were their in the page you 1st queried & then second would been that call.

     

    Can you open your developer tool when sending the the requests & see what's all flowing in the network chart.

jaikumar_f5's avatar
jaikumar_f5
Icon for MVP rankMVP

Looking at the logs at glance, its actually 2 requests not 1 requests.

You are stating the below is just 1 request.

first request:
Apr 30 10:06:24 F5SecLab info tmm[11625]: Rule /Common/Rate_Limit_Irule <HTTP_REQUEST>: 192.168.19.12
Apr 30 10:06:24 F5SecLab info tmm[11625]: Rule /Common/Rate_Limit_Irule <HTTP_REQUEST>: 0 before increase
Apr 30 10:06:24 F5SecLab info tmm[11625]: Rule /Common/Rate_Limit_Irule <HTTP_REQUEST>: 1 after increase
Apr 30 10:06:25 F5SecLab info tmm[11625]: Rule /Common/Rate_Limit_Irule <HTTP_REQUEST>: 192.168.19.12
Apr 30 10:06:25 F5SecLab info tmm[11625]: Rule /Common/Rate_Limit_Irule <HTTP_REQUEST>: 1 before increase
Apr 30 10:06:25 F5SecLab info tmm[11625]: Rule /Common/Rate_Limit_Irule <HTTP_REQUEST>: 2 after  increase

But if we look at the Irule of yours, in HTTP_REQUEST event, your 1st piece of code itself is logging the client ip [IP::client_addr]. Comparing that with the above logs, we can see that it got triggered twice in line 2 & line 5, so its actually 2 HTTP_REQUEST not one. You may think its 1 request, but its actually 2.

May be there was some image, html, json resource references were their in the page you 1st queried & then second would been that call.

 

Can you open your developer tool when sending the the requests & see what's all flowing in the network chart.

Satoshino's avatar
Satoshino
Icon for Cirrus rankCirrus
May 25, 2021

Hi,

 

you right, was browser fault

 

Thanks you