Forum Discussion

Altostratus

Oct 10, 2014

Rate limit per ip and url

Hi dudes, Recently I wrote a irule to rate limit a specify ip to visit specify url. However I found it doesn't work and no log can be shown. Is that anything that I can fine tune? when R...

Nacreous

Oct 10, 2014

when RULE_INIT {
  set static::maxRate 3
  set static::windowSecs 1 
} 
when HTTP_REQUEST {                
  if { ([HTTP::method] eq "GET") and \
    ([[string tolower [HTTP::uri]] contains "leisurelink" ] ) } {
     blacklist
    if { [ [IP::client_addr] equals 10.0.0.0/255.0.0.0] }{
       set variables
      set limiter [string tolower [HTTP::uri]]
      set clientip_limitervar [IP::client_addr]:$limiter
      set get_count [table key -count -subtable $clientip_limitervar]

       main condition
      if { $get_count < $static::maxRate } {
        incr get_count 1
        table set -subtable $clientip_limitervar $get_count $clientip_limitervar indefinite $static::windowSecs
      } else {
        log local0. "$clientip_limitervar has exceeded the number of requests allowed."
        drop
        return
      }
    }
  }
}

The statement [[string tolower [HTTP::uri]] contains "leisurelink" ] does not require the outer set of [ ].

The command [ [IP::client_addr] equals 10.0.0.0/255.0.0.0] is not valid. You appear to be missing the IP::addr command to make this work. [IP::addr [IP::client_addr] equals 10.0.0.0/255.0.0.0]

See how you go with that.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)