Forum Discussion
Jack_H_39707
Nimbostratus
NimbostratusIs there an IRules to control active connections?
Dear all, I am very new to F5 and would really appreciate if any of the members here could help me.
Is there an IRules which allow F5 to control the active connections? Meaning, If I allowed 20 connections at one time, the 21 connections will be redirected to an error page? Something like it can only let the next connections comes in when the current connections dropped below the allowed limit. I have tried with a help of few examples posted, most of it works on the preventing active concurrent connection.
- The_BhattmanHi Jack,
There is an excellent example in the code share that can be easily modified.
http://devcentral.f5.com/wiki/default.aspx/iRules/LimitConnectionsFromClient.html
In that example it's limiting the connetion from the client and rejecting the packets. You can then replace the reject command with a HTTP::respond 403 or HTTP::redirect "http://domain.com/error.page"
I hope this helps
Bhattman 
Jack_H_39707Dear Bhattman, thanks for yoru advise. The code works fine in rejecting. I have replaced the reject command with HTTP::redirect "http://mydomain.com/error.page" but it says HTTP::redirect does not applies to this event. Is there any thing else I need to define in the code?- The_BhattmanYou are right.
Here is another code that might work, it works based on cookies.rule session_limit { when RULE_INIT { array set ::active_sessions { } set ::total_active_clients 0 set ::max_active_clients 20 } when HTTP_REQUEST { if { not [info exists client_id] } { if { [HTTP::cookie exists "ClientID"] } { set client_id [HTTP::cookie "ClientID"] set need_cookie 0 } else { set client_id [string range [AES::key 128] 8 end] set need_cookie 1 } if { not [info exists ::active_sessions($client_id)] } { if { $::total_active_clients >= $::max_active_clients } { HTTP::redirect "http://mydomain.com/error.page" return } incr ::total_active_clients set ::active_sessions($client_id) 1 } else { incr ::active_sessions($client_id) } } } when HTTP_RESPONSE { if { $need_cookie } { HTTP::cookie insert name "ClientID" value $client_id set need_cookie 0 } } when CLIENT_CLOSED { if { [info exists client_id] and [info exists ::active_sessions($client_id)] } { incr ::active_sessions($client_id) -1 if { $::active_sessions($client_id) <= 0 } { unset ::active_sessions($client_id) incr ::total_active_clients -1 } } } }
Bhattman - Jack_H_39707Dear Bhattman, pardon me for asking again, if i set > "set ::max_active_clients 2" for testing. I am still able to access the url with 3 different pc on top of 2 pc. Is it suppose to work in this way or there is something that I need to re-fine in the code?
anthony_102289That looks great Bhattman! I am wondering what ways there are to remotely modify the global variable max_active_clients. I've worked out two ways but not sure if there is a better way,
1 - Use iControl to delete and recreate a dummy irule. On the creation of the irule it will automatically run the RULE_INIT routine and modify the global variable.
iRule - Dummy_Rule
when RULE_INIT {
set ::max_active_clients 30
log local0. "Changing max_active to $::max_active_clients"
}
2 - Use a data group to keep the variable and modify it with iControl. In this example MAX_USERS is a data group with one element.
Likely would need to move the creation of the variable into the "when HTTP_REQUEST" routine.
when HTTP_REQUEST {
set ::max_active_clients [class element 0 MAX_USERS]
Anthony- hoolio
Cirrostratus
Either option should work fine. You could also change the iRule to read the datagroup directly instead of a global variable and then use iControl to update the datagroup entry.
If you're on version 10.1+ you should use the table command instead of arrays. Hamish added an example to the Codeshare here:
http://devcentral.f5.com/wiki/default.aspx/iRules/HTTP_Session_Limit.html
Aaron
