Forum Discussion

cawong23_136311
Oct 10, 2014

Rate limit per ip and url

Hi dudes,

Recently I wrote an iRule to rate limit a specific IP visiting a specific URL. However, I found it doesn't work and no log is shown. Is there anything that I can fine-tune?

 

    when RULE_INIT {
        set static::maxRate 3
        set static::windowSecs 1
    }
    when HTTP_REQUEST {
        if { ([HTTP::method] eq "GET") and ([[string tolower [HTTP::uri]] contains "leisurelink" ] ) } {
            # blacklist
            if { [ [IP::client_addr] equals 10.0.0.0/255.0.0.0] }{
                # set variables
                set limiter [string tolower [HTTP::uri]]
                set clientip_limitervar [IP::client_addr]:$limiter
                set get_count [table key -count -subtable $clientip_limitervar]

                # main condition
                if { $get_count < $static::maxRate } {
                    incr get_count 1
                    table set -subtable $clientip_limitervar $get_count $clientip_limitervar indefinite $static::windowSecs
                } else {
                    log local0. "$clientip_limitervar has exceeded the number of requests allowed."
                    drop
                    return
                }
            }
        }
    }

 

1 Reply

  •  

    when RULE_INIT {
      set static::maxRate 3
      set static::windowSecs 1 
    } 
    when HTTP_REQUEST {                
      if { ([HTTP::method] eq "GET") and \
        ([[string tolower [HTTP::uri]] contains "leisurelink" ] ) } {
        # blacklist
        if { [ [IP::client_addr] equals 10.0.0.0/255.0.0.0] }{
          # set variables
          set limiter [string tolower [HTTP::uri]]
          set clientip_limitervar [IP::client_addr]:$limiter
          set get_count [table key -count -subtable $clientip_limitervar]
    
          # main condition
          if { $get_count < $static::maxRate } {
            incr get_count 1
            table set -subtable $clientip_limitervar $get_count $clientip_limitervar indefinite $static::windowSecs
          } else {
            log local0. "$clientip_limitervar has exceeded the number of requests allowed."
            drop
            return
          }
        }
      }
    }
    

     

    The statement [[string tolower [HTTP::uri]] contains "leisurelink" ] does not require the outer set of [ ].

     

    The command [ [IP::client_addr] equals 10.0.0.0/255.0.0.0] is not valid. You appear to be missing the IP::addr command to make this work. [IP::addr [IP::client_addr] equals 10.0.0.0/255.0.0.0]

     

    See how you go with that.
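The rule with both corrections from the reply applied, as an added example that is not part of the original thread. It also writes the key count in the documented form, table keys -subtable <name> -count; everything else is kept from the posted rule.

```tcl
when RULE_INIT {
    # Same limits as the posted rule: 3 requests per 1-second window.
    set static::maxRate 3
    set static::windowSecs 1
}

when HTTP_REQUEST {
    # "contains" is an operator inside the if expression, so the
    # comparison itself is not wrapped in an extra pair of [ ].
    if { ([HTTP::method] eq "GET") and
         ([string tolower [HTTP::uri]] contains "leisurelink") } {

        # IP::addr performs the address/netmask comparison.
        if { [IP::addr [IP::client_addr] equals 10.0.0.0/255.0.0.0] } {

            # One subtable per client IP and requested URI.
            set limiter [string tolower [HTTP::uri]]
            set clientip_limitervar "[IP::client_addr]:$limiter"

            # Number of unexpired entries = requests seen in the current window.
            set get_count [table keys -subtable $clientip_limitervar -count]

            if { $get_count < $static::maxRate } {
                incr get_count 1
                # No idle timeout (indefinite); each entry lives for windowSecs.
                table set -subtable $clientip_limitervar $get_count \
                    $clientip_limitervar indefinite $static::windowSecs
            } else {
                log local0. "$clientip_limitervar has exceeded the number of requests allowed."
                drop
                return
            }
        }
    }
}
```

Because the subtable name includes the full URI, each distinct URI and query string gets its own counter; building the name from [HTTP::path] instead makes all requests to the same path share one limit.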