Forum Discussion
NimbostratusRate-limit based on User-Agent String
Hello, below is the code I'm using to accomplish this. Right now, the count is timing out every second instead of every 360 seconds as listed below. Does anyone see why this would happen?
when HTTP_REQUEST {
# Default rate to limit requests
set UASmaxRate 50
# Default rate to warn
set UASwarnRate 30
# During this many seconds
set UAStimeout 360
# Increment and Get the current request count bucket
set epoch [clock seconds]
set currentCount [table incr -notouch "Count_[HTTP::header User-Agent]_${epoch}"]
if { $currentCount eq "" } then {
# Initialize a new request count bucket
table set "Count_[HTTP::header User-Agent]_${epoch}" 1 indef $UAStimeout
set currentCount 1
}
# Actually check for being over limit
if { $currentCount >= ${UASmaxRate} } then {
log local0. "ERROR: UAS:[HTTP::header User-Agent] exceeded ${UASmaxRate} requests per second. Rejecting request. Current requests: ${currentCount}."
reject
}
elseif { $currentCount > $UASwarnRate } then {
log local0. "WARNING: UAS:[HTTP::header User-Agent] exceeded ${UASwarnRate} requests per second. Will reject at ${UASmaxRate}. Current requests: ${currentCount}."
}
log local0. "UAS:[HTTP::header User-Agent]: currentCount: ${currentCount}"
}
- boneyard
MVP
i dont do iRules well from my mind but i feel there is something tricky with creating tables based on the time.
table set "Count_[HTTP::header User-Agent]_${epoch}" 1 indef $UAStimeoutdoesnt that generate a new table like with every new request on a different time?
if i would trouble shoot this i'd add some log lines during the checking and creating of tables to see the values that are used and returned.
