For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

ryan_111816's avatar
ryan_111816
Icon for Nimbostratus rankNimbostratus
Nov 18, 2009

Limiting Duplicate HTTP GETs

Hi folks. I'm new to DevCentral so I apologize if I'm posting in the wrong place. I've been running a couple of old v4 BIG-IPs for years and just recently made the jump to a couple of LTM-1600's wi...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Dec 16, 2009
Hi Ryan,

 

 

I think Deb's rule, RateLimit_HTTPRequest, is a little more straightforward for your scenario. The other rule has more functionality but is more complicated than what I think you need.

 

 

Are there specific URIs and/or client IP address ranges that you want to rate limit GETs for?

 

 

What do you want to do if a client makes multiple GET requests without the session identifying cookie?

 

 

Are the clients potentially malicious, or just badly configured/implemented? ie, will they potentially modify or delete their cookies?

 

 

When the flood of requests comes, is it from many different clients at the same time? To many different URIs?

 

 

Also, which LTM version (b version | head) and platform (b platform | head) are you using?

 

 

Thanks,

 

Aaron