Rate limiting traffic for exchnage OAB using source ip addresses/subnets

Puneet:

This thread should be helpful: https://devcentral.f5.com/questions/how-to-limit-a-client-ip-from-continuously-opening-connections-to-the-server

There is an irule in that thread.

You should be able to: 1) add this to your iRUle: when RULE_INIT {

 This is the max requests allowed during "interval" specified below.

set static::maxRate 10;

 Below is the lifetime of the subtable record in seconds. 
 This defines the interval during which requests are tallied. Example: Rate=10 and Timeout=3, allows 10 requests in 3 seconds 
 Note: do not use very high timeout because it increases memory utilization especially under high load. 
 Note: A rate of 100 in 50 seconds is the same is a rate of 20 in 1 second. But 1 second is a lot easier on memory, 
 Because the records expire more quickly and the table does become too large.
set static::timeout 3;

}

And 2) take this section below here, and put it under the /oab part of your switch command. Then it should only limit the /oab uri.

    set getCount [table lookup -notouch -subtable requests [IP::client_addr]]
            if { $getCount equals "" } {
                log local0. "New one:  getCount=$getCount [IP::client_addr] [clock seconds]"
                table set -subtable requests [IP::client_addr] "1" $static::timeout $static::timeout
            } else {

            if { $getCount < $static::maxRate } {
                table incr -notouch -subtable requests [IP::client_addr]

            } else {
                if {$getCount == $static::maxRate } {
                    log local0. "User @ [IP::client_addr] [clock seconds] has reached $getCount in $static::timeout seconds."
                   table incr -notouch -subtable requests [IP::client_addr]
                }
                HTTP::respond 501 content "Request blocked Exceeded requests/sec limit."
                drop
                return
            }

            }