Forum Discussion
mat1010_230145
Nimbostratus
NimbostratusRate limit only new connections
Hi,
right now i'm using the following iRule on our big-ip 4200 to globally keep track of req/s through all vservers using this iRule.
when HTTP_REQUEST {
Set lifetime to 1s for earch request...
mat1010_230145Nimbostratus
NimbostratusI'm now using the following which seems to work as I would expect it:
when HTTP_REQUEST {
Set lifetime to 1s for earch request
set lifetime 1
Set the limit of req/s
set requestlimit 10
Adding "GlobalCount" to the table starting with a value of 1 and the lifetime of $lifetime
table add "Globalcount" 1 indefinite $lifetime
Set local variable "$currentcount" to the value of GlobalCount from the table
set currentcount [table lookup -notouch Globalcount]
log local0. "VIP: [HTTP::host]"
log local0. "GlobalCount: $currentcount"
if { $currentcount < $requestlimit } {
table incr -notouch "Globalcount"
table add -subtable connlimit:[IP::client_addr] [TCP::client_port] "" 180
} elseif { [table keys -subtable connlimit:[IP::client_addr] -count] >= 1 } {
table incr -notouch "Globalcount"
} else {
log local0. "Redirected to http://[HTTP::host]/somePage.html"
HTTP::redirect "http://[HTTP::host]/somePage.html"
}
}
Would be great if someone of the more experienced people could look at it and let me know if there's major pitfall in my iRule.
Thanks in advance
