table command causing abort of rule event HTTP_REQUEST
Hello everyone,
This is my first dig into iRules, and I'm hitting an issue with the table command that is aborting my rule. I'm essentially trying to rate limit requests per URI per ASPNET Session ID. I've been working with the iRule for a couple days, so I know it's not at its best and has excessive logging (for the purposes of figuring this out). I'm testing with a backend server that doesn't use ASP, so I'm setting it statically in the iRule as a failsafe for now. I'm building that up now for testing.. but hit some snags.
The main issue is the table command aborting the rule execution. I was originally putting many of the table lookups directly into the if statements, but I was able to resolve an abort earlier in the rule by setting to a variable first.
Here are the logs:
[admin@LTM1:ModuleNotLicensed:Active:Standalone] ~ tail /var/log/ltm
Jun 6 11:07:23 LTM1 info tmm1[8579]: 01220009:6: Pending rule event HTTP_REQUEST aborted for 192.168.21.102:58079->10.202.20.170:80 (listener: /Common/Drupal_HTTP)
Jun 6 11:07:23 LTM1 info tmm[8579]: Rule /Common/JSESSIONRateLimit : iRule_Rate-Limiter: HTTP_REQUEST Matched
Jun 6 11:07:23 LTM1 info tmm[8579]: Rule /Common/JSESSIONRateLimit : iRule_Rate-Limiter: No session cookie found. Quitting..
Jun 6 11:07:23 LTM1 info tmm[8579]: Rule /Common/JSESSIONRateLimit : iRule_Rate-Limiter: Got URI, /drupal/themes/garland/images/bg-content-right.png, making key: session1_/drupal/themes/garland/images/bg-content-right.png
Jun 6 11:07:23 LTM1 info tmm[8579]: 01220009:6: Pending rule event HTTP_REQUEST aborted for 192.168.21.102:58080->10.202.20.170:80 (listener: /Common/Drupal_HTTP)
Jun 6 11:07:23 LTM1 info tmm1[8579]: Rule /Common/JSESSIONRateLimit : iRule_Rate-Limiter: HTTP_REQUEST Matched
Jun 6 11:07:23 LTM1 info tmm1[8579]: Rule /Common/JSESSIONRateLimit : iRule_Rate-Limiter: No session cookie found. Quitting..
Jun 6 11:07:23 LTM1 info tmm1[8579]: Rule /Common/JSESSIONRateLimit : iRule_Rate-Limiter: Got URI, /drupal/themes/garland/images/bg-content-right.png, making key: session1_/drupal/themes/garland/images/bg-content-right.png
Jun 6 11:07:23 LTM1 info tmm1[8579]: Rule /Common/JSESSIONRateLimit : iRule_Rate-Limiter: Matched second else.. not following conditionals.
Jun 6 11:07:23 LTM1 info tmm1[8579]: 01220009:6: Pending rule event HTTP_REQUEST aborted for 192.168.21.102:58081->10.202.20.170:80 (listener: /Common/Drupal_HTTP)
`
Here is the rule:
`when HTTP_REQUEST {
log local0. "iRule_Rate-Limiter: HTTP_REQUEST Matched"
set maxReqs 5
set cooldownTimer 30
set sampleTimer 30
set timeout 30
if { [HTTP::cookie exists "ASP.NET_SessionId"] } {
set aspid [HTTP::cookie ASP.NET_SessionId]
log local0. "iRule_Rate-Limiter: SESSION Cookie present: $aspid"
} else {
log local0. "iRule_Rate-Limiter: No session cookie found. Quitting.."
pool Drupal_Pool
event HTTP_REQUEST disable
set aspid "session1"
}
set reqURI [string tolower [HTTP::uri]]
set key "$aspid"
append key "_$reqURI"
log local0. "iRule_Rate-Limiter: Got URI, $reqURI, making key: $key"
set onCooldown [table lookup -subtable "Cooldowns" $key]
if { $onCooldown != "" } {
log local0. "iRule_Rate-Limiter: Key: $key is already on cooldown, sending HTTP:429 status code."
HTTP::respond 429
} else {
log local0. "iRule_Rate-Limiter: Matched second else.. not following conditionals."
set currCount [table add $key 1]
if { $currCount == "" } {
table set $key 1 $timeout $sampleTimer
log local0. "iRule_Rate-Limiter: First attempt for $key, adding to table for tracking."
} else {
if { ($currCount <= $maxReqs) } {
table incr $key 1
incr currCount
log local0. "iRule_Rate-Limiter: $key not on timeout, but not first request. Incrementing count to $currCount in session table."
} else {
HTTP::respond 429
table set -subtable "Cooldowns" $key "yes" $timeout $cooldownTimer
log local0. "iRule_Rate-Limiter: $key triggered cooldown with $currCount attempts. Adding to cooldown table."
}
}
}
}
Note that the rule is aborting at this line of code (line 31):
set currCount [table add $key 1]
Any help here is greatly appreciated, as I can't find anything outlining why this occurs. It's a small rule, and a simple lookup so I don't see why it would cause the rule to suspend indefinitely.
Thanks! Ryan