Forum Discussion
Klaus_Gerthein1
Oct 31, 2011 (Nimbostratus)
THC SSL DOS , iRule to limit the connection from one client ip in 60 second interval
Hello,
I read the article "F5 Friday: Mitigating the THC SSL DoS Attack".
I'm running version 10.2.2 + Hotfix-3, so all my SSL virtual servers
will drop SSL renegotiation requests.
So I had a look...
Michael_Yates
Oct 31, 2011 (Nimbostratus)
Hi Klaus,
Take a look at this article:
iRule::ology; Connection Limiting Take 2
Question: Is there an iRule available to limit the connections from one client IP address in a 60-second interval, for example 10 TCP connections per 60 seconds?
Answer: Yes. The iRule in the article above can do it using the Table Command.
Question: The connection information about the client IP address must be shared among all TMM processes. Will an iRule solution work with systems running more than one TMM process, for example a BIG-IP 3900 with 4 TMM processes?
Answer: Yes. The Table is not only available across TMMs, but across BIG-IPs in an HA pair. You can read more about it here: The Table Command
Question: If the iRule is added to three virtual servers, will the stored client IP address information be stored for each virtual server, or will all three virtual servers share the client IP address information?
Answer: In the article example, it would be holistic to the BIG-IP because of the variable name. If you wanted it to be specific per virtual server, you could create different instances of the iRule and change the variable names that are stored in the table.
Hope this helps.
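The following is an added example, not code from the linked article or from either poster: an iRule that enforces the limit asked about above (10 new TCP connections per client IP per 60 seconds) with the table command, so the counter is shared across TMMs. The thresholds, the key prefix "connlimit" and the use of [virtual name] in the key are assumptions for illustration; the table, IP::client_addr, virtual and reject commands are standard iRule commands.

```tcl
# Added example (not from the article or either poster): cap new TCP
# connections per client IP in a fixed 60-second window using the table
# command. Counters in the table are shared by every TMM on the box.
when RULE_INIT {
    # Assumed thresholds taken from the question: 10 connections per 60 s.
    set static::connlimit_max    10
    set static::connlimit_window 60
}

when CLIENT_ACCEPTED {
    # One key per client IP. Including [virtual name] gives each virtual
    # server its own counter; use "connlimit:[IP::client_addr]" instead to
    # share a single counter across all virtual servers the iRule is on.
    set key "connlimit:[virtual name]:[IP::client_addr]"

    # table incr is atomic and returns the new value. On first use it
    # creates the entry with a value of 1 (default idle timeout 180 s).
    set count [table incr $key]

    if { $count == 1 } {
        # First connection in this window: expire the entry a fixed
        # $static::connlimit_window seconds from now (lifetime) and turn off
        # the idle timeout so later increments cannot extend the window.
        table lifetime $key $static::connlimit_window
        table timeout  $key indefinite
    }

    if { $count > $static::connlimit_max } {
        log local0. "connlimit: [IP::client_addr] opened $count connections to [virtual name] within $static::connlimit_window s, rejecting"
        reject
    }
}
```

CLIENT_ACCEPTED fires when the TCP connection is accepted, before any TLS handshake, so an over-limit client is reset without the BIG-IP spending any SSL work on it. Note that this counts new TCP connections only; renegotiations inside an established connection are the case the 10.2.2 hotfix mentioned in the question already covers.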