Forum Discussion
suyeup_77835
Jun 07, 2011Nimbostratus
need count a HTTPheader Referer
hi.. my name is sooyeup.kim i'm from korea.
i need help.
now, my company have F5 L7-Switch.(four!!) but we don't have iRule engineer.
(customize the iRule is very hard!!T0T) i need this iRule.
1. Count a All Referer(HTTP::header) and IP
2. if some Referer is over the limit, drop that IP
i was write the this iRule, but that is wrong!!!T-T
when RULE_INIT {
array unset ::user array
set ::user { } array
set ::blocklist { } array
set ::refererlist{ }
set ::attacktime 10
set ::maxreferer 100
set ::holdtime 3 set ::referer }
when HTTP_REQUEST {
set ::referer [HTTP::header Referer]
if { ($::referer contains "mrtg") } {
if { [ info exists ::blocklist([IP::remote_addr]) ] } {
if {$::holdtime > [ expr [clock seconds] - $::blocklist([IP::remote_addr]) ] } {
drop log local5. "[IP::remote_addr] is HOLD" return
} else {
unset ::blocklist([IP::remote_addr]) log local5. "[IP::remote_addr] is released" }
}
if{[info exists ::refererlist]}{
if{[HTTP::header Referer] equals $::refererlist}{
if { [info exists ::user([IP::remote_addr],count)] } {
if { $::attacktime > [expr [clock seconds] - $::user([IP::remote_addr],duration)]} {
if {$::user([IP::remote_addr],count) > $::maxreferer } {
set ::blocklist([IP::remote_addr]) [clock seconds]
log local5. "[IP::remote_addr] is blocked"
drop
return
} else {
incr ::user([IP::remote_addr],count) 1
return
}
} else {
unset ::user([IP::remote_addr],count)
unset ::user([IP::remote_addr],duration) }
} else {
if { 20000 < [array size ::user] } {
array unset ::user array set ::user { } }
set ::user([IP::remote_addr],count) 1
set ::user([IP::remote_addr],duration) [clock seconds]
set ::refererlist([HTTP::header Referer]) }
}
}
}
}
help me please!
thank you..
- hooleylistCirrostratusAre you on 10.x or 9.x? For 10.x, you'd want to use a subtable to store the Referers instead of a global array. You can use the table command to access and modify a subtable:
- John_Alam_45640Historic F5 AccountHere is an example i-rule which uses the tables. This irule counts connections on a per source IP basis. You can change it to count referrers instead.
- suyeup_77835Nimbostratusthank!!
- suyeup_77835Nimbostratusthank!!
- Colin_Walker_12Historic F5 AccountSure, you could take the code above and change it around to count the number of requests from a given referrer ([HTTP::header "referrer"]) and it should work fine. If you have any specific questions on how to make this work let us know.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects