For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

david_20653's avatar
david_20653
Icon for Nimbostratus rankNimbostratus
Oct 27, 2009

Limit the Connections

Hi     we have Pool that contains five ssl servers   I need to write an IRule to Limit the   Connections from clients to servers to prevent DDoS and DoS attack     T...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Oct 27, 2009
Hi David,

 

 

If you are okay with sending a TCP reset to clients who attempt to establish a connection with the VIP or pool members when they're over the limit, you could configure a connection limit on the VIP and/or individual pool members.

 

 

Else, if you want to do application layer handling of HTTP, you can check the Codeshare (Click here) for some examples:

 

 

high_performance_rate_limiting - This rule will limit the number of request to a particular vhost and uri to...

 

RateLimit_HTTPRequest - Limits HTTP POST requests by user

 

virtual_server_connection_limit_with_HTTP_response - This rule allows administrators to configure a maximum TCP connection limit...

 

HTTPSessionLimit - Limits total concurrent HTTP sessions to a pre-defined threshhold, allowing those clients with a session cookie to continue

 

 

Aaron