For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Bruce_Bronczyk's avatar
Bruce_Bronczyk
Icon for Altostratus rankAltostratus
Jun 13, 2014

Randomly unpredictable rate limiting using the iRule iRules.virtual_server_connection_rate_limit_with_tables.ashx

Has anyone used this iRule, https://devcentral.f5.com/wiki/iRules.virtual_server_connection_rate_limit_with_tables.ashx, and seen issues with random rate limiting for some connections well below the ...
application delivery
devops
iRules
LTM
bensvobodny_923's avatar
bensvobodny_923
Icon for Nimbostratus rankNimbostratus
Jun 19, 2014

when CLIENT_ACCEPTED {

set static::whitelist_class vsratelimit_whitelist_class

if {[class match [IP::client_addr] equals vsratelimit_whitelist_class]}{

  return

}

set cid [clock clicks] set conns 20 set rate 1 Track this connection in the subtable using the client IP:port as a key set key "[IP::client_addr]:[TCP::client_port]" set current [table keys -subtable [virtual]:[IP::client_addr] -count] table set -subtable [virtual]:[IP::client_addr] $cid 0 indef $rate

if {$current > $conns} { table delete -subtable [virtual]:[IP::client_addr] $cid log local0. "$key: Connection to [IP::local_addr]:[TCP::local_port]\ ([virtual name]). At limit, rejecting (current: $current / max: $conns)" TCP::respond "Your request is being rate limited. Please reduce the frequency of your requests and try again later"

TCP::close } }