Actually, an even simpler mechanism (I feel silly for not having realized this before) is to do this:
when CLIENT_ACCEPTED {
log local0. "..."
}
This will fire only when the TCP connection is opened. If you are still seeing multiple logs for the same source IP, then one of two things is happening: 1. the client is opening multiple connections, possibly simultaneously; or 2. there is a bug. 1 is much more likely. If you want to validate:
when CLIENT_ACCEPTED {
log local0. "Received client request from ([IP::client_addr]:[TCP::client_port]) -> ([IP::local_addr]:[TCP::local_port])"
}
If the source port changes across requests, then the client is definitely opening multiple connections. If the source port is the same, then a
tcpdump
will tell you what's really happening:
bash tcpdump -nni 0.0 tcp port 80 and host
where is the IP address of the Virtual Server to which the iRule is attached.