Forum Discussion
issue with irule
Hi Amit,
To log a specific client IP just once for a given URI, you have to implement techniques that maintain a state across different TCP connections. This can be achieved on the server side using the [table] command or on the client side using HTTP cookies.
Scenario 1: Using the session table
    when RULE_INIT {
        set static::log_interval 5 ;# seconds
    }
    when HTTP_REQUEST {
        # Log only if no unexpired table entry exists for this client IP
        if { ( [string tolower [HTTP::uri]] starts_with "/xyz" ) and
             ( [table lookup "[IP::client_addr]_logs" ] eq "" ) } then {
            log local0.debug "Client IP address: [IP::client_addr] has requested /xyz"
            # Idle timeout: indefinite; lifetime: log_interval seconds
            table set "[IP::client_addr]_logs" "1" indef $static::log_interval
        }
    }
Note: Keep in mind that this technique would consume some memory for each stored [IP::client_addr]. So please don't use an almost indefinite log_interval. You have to free the memory after a certain time period... 😉
Scenario 2: Using HTTP cookies
    when RULE_INIT {
        set static::log_interval 5 ;# seconds
    }
    when HTTP_REQUEST {
        # Log only if the cookie does not already carry this client IP
        if { ( [string tolower [HTTP::uri]] starts_with "/xyz" ) and
             ( [HTTP::cookie value "log_cookie"] ne [IP::client_addr] ) } then {
            log local0.debug "Client IP address: [IP::client_addr] has requested /xyz"
            # Flag the response so the cookie gets set
            set log_cookie 1
        }
    }
    when HTTP_RESPONSE {
        if { [info exist log_cookie] } then {
            unset -nocomplain log_cookie
            # The browser drops the cookie after log_interval seconds
            HTTP::header insert "Set-Cookie" "log_cookie=[IP::client_addr]; Max-Age=$static::log_interval"
        }
    }
Note: Maintaining a cookie-based session state wouldn't require memory resources on your LTM, so you may use an almost indefinite log_interval. But keep in mind that this technique requires that the browsers do have to support cookies (which is normally the case). In addition it would also log certain client IPs multiple times if more than one browser was used on a given client IP (e.g. Terminal Servers).
Cheers, Kai
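Scenario 2 keeps its state in a value the client controls, so the log entry can be skipped by any request that already carries a matching log_cookie. The variant below is an added example, not part of Kai's post: it binds the cookie to the client IP and issue time with an HMAC so that only cookies issued by the BIG-IP suppress logging. The key value is a placeholder and the `<issue-time>.<hex HMAC>` cookie layout is an assumption of this example.

```tcl
when RULE_INIT {
    set static::log_interval 5 ;# seconds
    # Placeholder secret (assumption): replace with a long random value
    set static::log_cookie_key "REPLACE_WITH_RANDOM_SECRET"
}
when HTTP_REQUEST {
    if { [string tolower [HTTP::uri]] starts_with "/xyz" } {
        set now [clock seconds]
        set seen 0
        # Assumed cookie layout: <issue-time>.<hex HMAC of "client-ip|issue-time">
        set parts [split [HTTP::cookie value "log_cookie"] "."]
        if { [llength $parts] == 2 } {
            set ts [lindex $parts 0]
            set mac [lindex $parts 1]
            # Only a plain 10-digit epoch value reaches the arithmetic, so
            # malformed input cannot raise a Tcl error and reset the connection
            if { [regexp {^[1-9][0-9]{9}$} $ts] && $ts <= $now &&
                 ($now - $ts) < $static::log_interval } {
                binary scan [CRYPTO::sign -alg hmac-sha256 \
                    -key $static::log_cookie_key "[IP::client_addr]|$ts"] H* expected
                # The cookie counts only if it was issued for this IP and time
                if { $mac eq $expected } { set seen 1 }
            }
        }
        if { !$seen } {
            log local0.debug "Client IP address: [IP::client_addr] has requested /xyz"
            # Remember the issue time so HTTP_RESPONSE can set the cookie
            set log_cookie_ts $now
        }
    }
}
when HTTP_RESPONSE {
    if { [info exists log_cookie_ts] } {
        binary scan [CRYPTO::sign -alg hmac-sha256 \
            -key $static::log_cookie_key "[IP::client_addr]|$log_cookie_ts"] H* mac
        HTTP::header insert "Set-Cookie" \
            "log_cookie=${log_cookie_ts}.${mac}; Max-Age=$static::log_interval"
        unset -nocomplain log_cookie_ts
    }
}
```

Because the issue time is checked on the BIG-IP, a cookie replayed after log_interval has passed no longer suppresses the log entry, regardless of how long the client keeps it.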