For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Chittaranjan_11's avatar
Chittaranjan_11
Icon for Nimbostratus rankNimbostratus
Jan 09, 2017

Limit number of requests based on pid

We have a requirement to restrict requests based on pid and device_id. We want to drop requests when we get more than 100 Request per second from a specific Pid or Devide_id. Is it possible to achiev...
application delivery
LTM
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Jan 09, 2017

Hi Chittaranjan,

you may try one of the iRules below as a staring point.

The first iRule uses two independent counters to seperately track requests for a given PID or Device ID. And the second iRule uses a single counter to track requests for the combined PID and Device ID information.

iRule 1:

when HTTP_REQUEST {

     Track and enfoce request for specific PIDs

    if { [set pid [URI::query [HTTP::uri] "pid"]] ne "" } then {
        set count [table incr "PID_$pid"]
        if { $count == 1 } then {
            table set "PID_$pid" 1 indef 60
             Initialize table data and allow the request
        } elseif { $count < 100 } then {    
             Allow the request
        } elseif { $count == 100 } then {
             Log and block the request
            log local0.debug "Blocked [IP::client_addr] with PID \"$pid\". Too much requests..."
            HTTP::respond 503 content "Service temporary unavailable - too much request"
            return
        } else {
             Block the request
            HTTP::respond 503 content "Service temporary unavailable - too much request" 
            return
        }
    }

     Track and enfoce request for specific Device IDs

    if { [set did [URI::query [HTTP::uri] "device_id"]] ne "" } then {

    set count [table incr "PID_$did"]
    if { $count == 1 } then {
         Initialize table data and allow the request
        table set "DID_$did" 1 indef 60
    } elseif { $count < 100 } then {    
         Allow the request
    } elseif { $count == 100 } then {
         Log and block the request
        log local0.debug "Blocked [IP::client_addr] with Device ID \"$pid\". Too much requests..."
        HTTP::respond 503 content "Service temporary unavailable - too much request"
        return
    } else {
         Block the request
        HTTP::respond 503 content "Service temporary unavailable - too much request" 
        return
    }
}

iRule 2:

when HTTP_REQUEST {

     Track and enfoce request for specific PID / Device ID combinations

    if { ( [set pid [URI::query [HTTP::uri] "pid"]] ne "" )
     and ( [set did [URI::query [HTTP::uri] "device_id"]] ne "" ) } then {
        set count [table incr "ID_$pid$did"]
        if { $count == 1 } then {
            table set "ID_$pid$did" 1 indef 60
             Initialize table data and allow the request
        } elseif { $count < 100 } then {    
             Allow the request
        } elseif { $count == 100 } then {
             Log and block the request
            log local0.debug "Blocked [IP::client_addr] with PID \"$pid\" and Device ID \"$did\". Too much requests..."
            HTTP::respond 503 content "Service temporary unavailable - too much request"
            return
        } else {
             Block the request
            HTTP::respond 503 content "Service temporary unavailable - too much request" 
            return
        }
    }
}

Cheers, Kai