Klaus_Gerthein1
Mar 01, 2006
Nimbostratus
Limit the packets per Second for a session
Hello,
I am new to iRules and need some tips.
I used the iRule "Limit Connections From Client" from the iRule Wiki and added the
CLIENT_DATA part to this rule. Will this iRule limit the connections per source IP address
and the packets per second per source IP address?
With this rule I want to limit DNS queries and connections from clients to our DNS caches.
toenspook
when RULE_INIT {
    # max number of concurrent connections
    set ::maxcon 10
    # max number of packets per second
    set ::maxpackets 10
    array set ::active_clients { }
}

# This part is from the iRule Wiki "Limit Connections From Client"
when CLIENT_ACCEPTED {
    set client_ip [IP::remote_addr]
    if { [info exists ::active_clients($client_ip)] } {
        if { $::active_clients($client_ip) > $::maxcon } {
            reject
            return
        } else {
            incr ::active_clients($client_ip)
        }
    } else {
        set ::active_clients($client_ip) 1
    }
}

# I have added this part
when CLIENT_DATA {
    # If 'IP stats pkts in / IP stats age' is larger than maxpackets, reject the packet
    if { [expr {[IP::stats pkts in] / [IP::stats age]}] > $::maxpackets } {
        reject
        return
    }
}

# This part is from the iRule Wiki "Limit Connections From Client"
when CLIENT_CLOSED {
    if { [info exists ::active_clients($client_ip)] } {
        incr ::active_clients($client_ip) -1
        if { $::active_clients($client_ip) <= 0 } {
            unset ::active_clients($client_ip)
        }
    }
}