Forum Discussion
EranN_340350
Nimbostratus
NimbostratusRate limiting per IP and URI
Hi, I need to come up with a solution for rate limiting on a VS in our ASM so a source IP will be limited for specified URI's with 3 requests per minute, 10 requests per hour.
I got this iRule from the web:
when RULE_INIT {
set static::maxRate 3
set static::timeout 60
}
when HTTP_REQUEST {
if { [class match [HTTP::uri] contains URIs_to_throttle] } {
whitelist
if { [class match [IP::client_addr] equals Whitelist_IPs] }
{
return
}
End-of-whitelist
set methodCount [table key -count -subtable [IP::client_addr]]
log local0. "[IP::client_addr]: methodCount=$methodCount"
if { $methodCount < $static::maxRate } then {
incr methodCount 1
log local0. "Adding entry for [IP::client_addr]"
table set -subtable [IP::client_addr] [clock clicks] "1" indef $static::timeout
} else {
log local0. "[IP::client_addr] exceeded max HTTP requests per second"
HTTP::respond 429 content "Request blockedExceeded requests limit."
return
}
}
}
How should I modify this iRule so it will also include the 10 requests per hour limit ?
And second, is this the best approach for rate limiting? future demands will include a higher number of URI's and different time limits + global limits (not only per IP) for each URI, which will make the iRule handling and maintenance too complicated.
Thank you.
Leonardo_SouzaCirrocumulus
Change the variables:
set static::maxRate 10
set static::timeout 3600You also need to create the datagroups:
URIs_to_throttle - String
Whitelist_IPs - AddressSee this for more information:
https://devcentral.f5.com/wiki/irules.class.ashxThere is built in functionality about rate limit:
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/big-ip-local-traffic-manager-implementations-14-0-0/25.html