Forum Discussion
lstewart_53611
Nimbostratus
NimbostratusLimiting number of connected clients
I am trying to write a rule to limit the number of individual clients that can connect to a VS, but not limit the total number of connections that they can have. After that limit has been reached, ad...
hoolio
Cirrostratus
CirrostratusI think tracking 1000 client IPs is necessary if you want to allow the first 1000 clients to open as many connections as they try to. Here is an iRule which should support your scenario. It tracks the client IP and count of concurrent TCP connections. This way the client can open multiple connections. The client IP is removed from the array when their last connection is closed.
I didn't test it so let me know if you run into any issues when you test it.
Aaron
when RULE_INIT {
Initialize a new array of client IP addresses
set ::clients { }
}
when CLIENT_ACCEPTED {
Check if the client IP is already in the array
if {[info exists ::clients([IP::client_addr])]}{
Client already exists in the array, so increment the connection count
incr ::clients([IP::client_addr])
} else {
Client IP isn't in the array, so check if we're under the limit
if {[array size ::clients] < 1000}{
Allowing this client, so add them the array with one connection counted
set ::clients([IP::client_addr]) 1
} else {
We're over the limit, so reject the connection
reject
}
}
}
when CLIENT_CLOSED {
Check if the client IP is in the array (this should always be true)
if {[info exists ::clients([IP::client_addr])]}{
Decrement the count
incr ::clients([IP::client_addr]) -1
If the count is less than 1, remove the client IP from the array
if {$::clients([IP::client_addr]) < 1}{
unset ::clients([IP::client_addr])
}
}
}
