Forum Discussion

xin_li_90490's avatar
xin_li_90490
Icon for Nimbostratus rankNimbostratus
Mar 25, 2005

limit frequent http GET

my website use bigip3400. and now a problem occured.someone from one session accessed our website, but about 3 http gets in 1 second. how can I limit it?
application delivery
dev
devops
iRules
  • bl0ndie_127134's avatar
    bl0ndie_127134
    Historic F5 Account
    Mar 25, 2005
    Please refer to this posting, I think it may be what you are looking for.

     

     

    http://devcentral.f5.com/default.aspx?tabid=28&forumid=5&postid=1990&view=topic
  • xin_li_90490's avatar
    xin_li_90490
    Icon for Nimbostratus rankNimbostratus
    Mar 26, 2005
    I had seen the subject and I think that is not the same with my problem.that is how to limit current connections from one ip address.My problem is how to limit http GET from one connection. how can I judge when the http GET finished? whether or not I need to set a time to limit the amount of http GET at that time?
  • bl0ndie_127134's avatar
    bl0ndie_127134
    Historic F5 Account
    Mar 26, 2005
    Typically HTTP 1.x clients try to reuse the TCP connection so it’s quite common to see multiple GET requests on the same connection; some within a very short amount of time.

    Here is an example that demonstrates how to set the upper limit on the number of requests on a keep-alive connection. 

    when HTTP_RESPONSE { 
    if {[HTTP::request_num] > 2} { 
       HTTP::close 
    }  
 }

    Limiting the request rate on the other hand is a little bit trickier for a lot of reasons. Could you tell us a little bit more what you are looking for?

  • xin_li_90490's avatar
    xin_li_90490
    Icon for Nimbostratus rankNimbostratus
    Mar 28, 2005
    if I use this rule, does it work that the keep-alive function?

     

    and why you think i am trickier? I just want to know how to limit the http GET in a connection. isn't it a problem?
  • xin_li_90490's avatar
    xin_li_90490
    Icon for Nimbostratus rankNimbostratus
    Mar 28, 2005
    now the guy use a search engine to access our website. so he send lots of http GET in one connection. so I want to limit it, but I expect the rule will not affect the common user. what can I do?
  • unRuleY_95363's avatar
    unRuleY_95363
    Historic F5 Account
    Mar 29, 2005
    If you are only concerned about limiting the number of requests on the current connection, you can do something like this: 

      
 when HTTP_REQUEST { 
    set cur_time [clock seconds] 
    if { [HTTP::request_num] > 1 } { 
       if { $cur_time == $start_time } { 
          if { $reqs_sec > 3 } { 
             HTTP::respond 503 Retry-After 2 
          } 
          incr reqs_sec 
          return 
       } 
    } 
    set start_time $cur_time 
    set reqs_sec 0 
 }

    After 3 requests per sec, this will respond with a 503 Server unavailable and Retry-After of 2 seconds.