Forum Discussion

Nimbostratus

Oct 28, 2015

Rate limit only new connections

Hi, right now i'm using the following iRule on our big-ip 4200 to globally keep track of req/s through all vservers using this iRule. when HTTP_REQUEST { Set lifetime to 1s for earch request...

Nimbostratus

Oct 28, 2015

I'm now using the following which seems to work as I would expect it:

when HTTP_REQUEST {
   Set lifetime to 1s for earch request
  set lifetime 1

   Set the limit of req/s
  set requestlimit 10

   Adding "GlobalCount" to the table starting with a value of 1 and the lifetime of $lifetime
  table add "Globalcount" 1 indefinite $lifetime

   Set local variable "$currentcount" to the value of GlobalCount from the table
  set currentcount [table lookup -notouch Globalcount]

  log local0. "VIP: [HTTP::host]"
  log local0. "GlobalCount: $currentcount"

  if { $currentcount < $requestlimit } {
    table incr -notouch "Globalcount"
    table add -subtable connlimit:[IP::client_addr] [TCP::client_port] &quot;&quot; 180
  } elseif { [table keys -subtable connlimit:[IP::client_addr] -count] >= 1 } {
    table incr -notouch &quot;Globalcount&quot;
  } else {
    log local0. "Redirected to http://[HTTP::host]/somePage.html"
    HTTP::redirect "http://[HTTP::host]/somePage.html"
  }
}

Would be great if someone of the more experienced people could look at it and let me know if there's major pitfall in my iRule.

Thanks in advance

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)