NZ_David_20489
Oct 21, 2011

Restricting connections per Virtual Server

I've tested the 'connection limit' on the Virtual Server, and this works fine. Connections are limited to the configured value. However I'm trying to deploy a similar solution using an iRule, but with an additional redirect of those connections over the limit.

I've tried the below iRule but it doesn't seem to function, however logs indicate it is. Thanks for any advice given.

    when RULE_INIT {
        # Set a global max for number of concurrent TCP connections
        set ::max_connections 25

        # Print debug messages to /var/log/ltm? 1=yes, 0=no
        set ::debug 1

        # Initialize a counter for active connections (don't modify this)
        set ::active_connections 0

        # Log local identifying start
        log local0. "rule session_limit initialized: total/max: $::total_active_clients/$::max_active_clients"
    }

    when HTTP_REQUEST {
        # if we are over the limit for the connection, redirect
        if {$::active_connections > $::max_connections}{
            # redirect
            HTTP::redirect "http://10.1.1.101:80/unavailable.html"

            # Close the connection
            TCP::close

            # Log a message to /var/log/ltm
            if {$::debug}{log local0. "Over limit (current/max: $::active_connections/$::max_connections). Closing to [IP::client_addr]"}

        # We're not over the limit, so check if this is the first HTTP request on the TCP connection.
        }elseif {[HTTP::request_num] == 1}{
            # Increment the TCP connection count.
            incr ::active_connections 1
        }
    }

    when CLIENT_CLOSED {
        # A connection was closed, so decrement the global counter
        incr ::active_connections -1

        # Log a message to /var/log/ltm
        if {$::debug}{log local0. "Connection closing to [IP::client_addr]"
        }
    }

  • when there are multiple requests in a connection, HTTP::request_num will accumulate.

    [root@iris:Active] config # b virtual bar list
    virtual bar {
       snat automap
       pool foo
       destination 172.28.17.33:http
       ip protocol tcp
       rules myrule2
       profiles {
          http {}
          tcp {}
       }
    }
    [root@iris:Active] config # b rule myrule2 list
    rule myrule2 {
       when HTTP_REQUEST {
            log local0. "client [IP::remote_addr]:[TCP::remote_port], uri [HTTP::uri], [HTTP::request_num]"
    }
    }
    
    Oct 21 18:05:04 local/tmm info tmm[17220]: Rule myrule2 : client 192.168.206.102:49995, uri /, 1
    Oct 21 18:05:04 local/tmm info tmm[17220]: Rule myrule2 : client 192.168.206.102:49995, uri /dog.gif, 2
    Oct 21 18:05:04 local/tmm info tmm[17220]: Rule myrule2 : client 192.168.206.102:49995, uri /favicon.ico, 3
    Oct 21 18:05:04 local/tmm info tmm[17220]: Rule myrule2 : client 192.168.206.102:49995, uri /favicon.ico, 4
    Oct 21 18:05:10 local/tmm info tmm[17220]: Rule myrule2 : client 192.168.206.102:49995, uri /, 5
    Oct 21 18:05:10 local/tmm info tmm[17220]: Rule myrule2 : client 192.168.206.102:49995, uri /dog.gif, 6
    Oct 21 18:05:13 local/tmm info tmm[17220]: Rule myrule2 : client 192.168.206.102:49995, uri /, 7
    Oct 21 18:05:13 local/tmm info tmm[17220]: Rule myrule2 : client 192.168.206.102:49995, uri /dog.gif, 8
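
An added example (not from the thread or from F5): a Python script that groups log lines in the reply's format by client ip:port, showing how many requests share one TCP connection and how often `[HTTP::request_num] == 1` (the condition the posted iRule increments on) is seen. The function names are hypothetical, and the last sample line (port 50001) is constructed for illustration; the others are copied from the log above.

```python
import re
from collections import defaultdict

# First four lines copied from the reply's log; the last one is constructed.
SAMPLE_LOG = """\
Oct 21 18:05:04 local/tmm info tmm[17220]: Rule myrule2 : client 192.168.206.102:49995, uri /, 1
Oct 21 18:05:04 local/tmm info tmm[17220]: Rule myrule2 : client 192.168.206.102:49995, uri /dog.gif, 2
Oct 21 18:05:10 local/tmm info tmm[17220]: Rule myrule2 : client 192.168.206.102:49995, uri /, 5
Oct 21 18:05:13 local/tmm info tmm[17220]: Rule myrule2 : client 192.168.206.102:49995, uri /dog.gif, 8
Oct 21 18:05:14 local/tmm info tmm[17220]: Rule myrule2 : client 192.168.206.102:50001, uri /, 1
"""

LINE_RE = re.compile(
    r"Rule (?P<rule>\S+) : client (?P<ip>[\d.]+):(?P<port>\d+), "
    r"uri (?P<uri>\S+), (?P<num>\d+)\s*$"
)

def summarize(log_text):
    """Group logged requests by client-side TCP connection (ip, port).

    Assumes a source port is not reused within the log window.
    """
    conns = defaultdict(
        lambda: {"logged": 0, "max_request_num": 0, "first_requests": 0})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a line written by the logging iRule
        c = conns[(m["ip"], int(m["port"]))]
        num = int(m["num"])
        c["logged"] += 1
        # request_num accumulates per connection, so its max is the
        # request count even when some log lines are missing.
        c["max_request_num"] = max(c["max_request_num"], num)
        if num == 1:
            c["first_requests"] += 1  # only this request bumps the counter
    return dict(conns)

def totals(log_text):
    conns = summarize(log_text)
    return {
        "connections": len(conns),
        "requests": sum(c["max_request_num"] for c in conns.values()),
        "counter_increments": sum(c["first_requests"] for c in conns.values()),
    }

if __name__ == "__main__":
    for (ip, port), c in summarize(SAMPLE_LOG).items():
        print(f"{ip}:{port} requests={c['max_request_num']} logged={c['logged']}")
    print(totals(SAMPLE_LOG))
```
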