Universal Persistence with X-forwarder
- Jul 20, 2016
A formatted version of the "Per VS" rate limiting. You can apply the same iRule to all standard VS using UIE persistence.

    when RULE_INIT {
        # Maximum GET requests per client and URI within the timeout window (seconds)
        set static::maxReqs 3
        set static::timeout 60
    }
    when HTTP_REQUEST {
        # Data groups are looked up per virtual server:
        # <vs>_URI_LIST_TO_LIMIT and <vs>_ips_whitelist
        set vs [URI::basename [virtual]]
        # Client address: first X-Forwarded-For value if the header is present
        # (the header is client-supplied unless an upstream proxy sets it),
        # otherwise the TCP source address
        if { [HTTP::header exists "X-Forwarded-For"] } {
            set client_IP_addr [getfield [lindex [HTTP::header values "X-Forwarded-For"] 0] "," 1]
        } else {
            set client_IP_addr [IP::client_addr]
        }
        if { ([HTTP::method] eq "GET") and ([class match [string tolower [HTTP::uri]] ends_with ${vs}_URI_LIST_TO_LIMIT] ) } {
            # whitelist
            if { [class match [IP::client_addr] equals ${vs}_ips_whitelist] } {
                return
            }
            set getcount [table lookup -notouch "${vs}_$client_IP_addr:[HTTP::uri]"]
            if { $getcount equals "" } {
                table set "${vs}_$client_IP_addr:[HTTP::uri]" "1" $static::timeout $static::timeout
            } else {
                if { $getcount < $static::maxReqs } {
                    table incr -notouch "${vs}_$client_IP_addr:[HTTP::uri]"
                } else {
                    reject
                }
            }
        }
        persist uie $client_IP_addr
    }
    when HTTP_RESPONSE {
        persist add uie $client_IP_addr
    }
Hi Yann
Now the URI iRule with XFF is giving an error while loading into the F5. Is there any syntax validation system online so that we can verify the rules before pasting?
Aug 17 11:50:12 VSESITE-99-LB01 err mcpd[8325]: 01070151:3: Rule [/Common/iRule_rate_limit-uie] error: /Common/iRule_rate_limit-uie:10: error: [missing a script after "if"][ ]
Aug 17 11:50:37 VSESITE-99-LB01 err mcpd[8325]: 01070151:3: Rule [/Common/iRule_rate_limit-uie] error: /Common/iRule_rate_limit-uie:10: error: [missing a script after "if"][ ]
Aug 17 11:51:51 VSESITE-99-LB01 err mcpd[8325]: 0107167d:3: Data publisher not found or not implemented when processing request (unknown request), tag (20594).
Aug 17 11:52:51 VSESITE-99-LB01 err mcpd[8325]: 01070151:3: Rule [/Common/iRule_rate_limit-uie] error: /Common/iRule_rate_limit-uie:5: error: [parse error: missing close-brace][{ if { [HTTP::header exists X-forwarded-for] } { set client_IP_addr [getfield [lindex [HTTP::header values X-Forwarded-For] 0] "," 1] } set client_IP_addr [IP::client_addr] if { ([HTTP::method] eq "GET") and ([class match [string tolower [HTTP::uri]] ends_with URI_LIST_TO_LIMIT] ) } { set getcount [table lookup -notouch "$client_IP_addr:[HTTP::uri]"] if { $getcount equals "" } { table set "$client_IP_addr:[HTTP::uri]" "1" $static::timeout $static::timeout } else { if { $getcount < $static::maxReqs } { table incr -notouch "$client_IP_addr:[HTTP::uri]" } else { reject } } }] /Common/iRule_rate_limit-uie:6: error: [command is not valid in the current scope][if { [HTTP::header exists X-forwarded-for] } {
Aug 17 11:53:01 VSESITE-99-LB01 err mcpd[8325]: 01070151:3: Rule [/Common/iRule_rate_limit-uie] error: /Common/iRule_rate_limit-uie:10: error: [missing a script after "if"][ ] /Common/iRule_rate_limit-uie:11: error: [undefined procedure: set getcount [table lookup -notouch "$client_IP_addr:[HTTP::uri]"] if { $getcount equals "" } { table set "$client_IP_addr:[HTTP::uri]" "1" $static::timeout $static::timeout } else { if { $getcount < $static::maxReqs } { table incr -notouch "$client_IP_addr:[HTTP::uri]" } else { reject } } ][{ set getcount [table lookup -notouch "$client_IP_addr:[HTTP::uri]"] if { $getcount equals "" } { table set "$client_IP_addr:[HTTP::uri]" "1" $static::timeout $static::timeout } else { if { $getcount < $static::maxReqs } { table incr -notouch "$client_IP_addr:[HTTP::uri]" } else {
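
Added example (not part of the original posts, and not an F5 tool): a small Python pre-paste check for the two failure modes the log lines above point to, a script brace pushed onto its own line after `when`/`if`, and an unbalanced brace count. The function name `lint_irule` and both sample rules are constructed for illustration; it is a heuristic and does not replace the validation mcpd performs on load.

```python
import re

# Commands that take a braced script; Tcl ends a command at the newline, so
# the opening "{" of that script has to sit on the same line as the command.
BODY_CMD = re.compile(r"^(?:\}\s*)?(when|if|elseif|else|foreach|while)\b")

def lint_irule(text):
    """Return sorted (line_number, message) findings for iRule source text."""
    findings, open_lines, prev = [], [], ""
    for n, line in enumerate(text.splitlines(), 1):
        cur = line.strip()
        if (cur.startswith("{") and BODY_CMD.match(prev)
                and not prev.endswith(("{", "\\"))):
            findings.append((n, "script brace starts on a new line"))
        i = 0
        while i < len(line):
            if line[i] == "\\":      # backslash-escaped character: skip it
                i += 2
                continue
            if line[i] == "{":
                open_lines.append(n)  # remember where each "{" was opened
            elif line[i] == "}":
                if open_lines:
                    open_lines.pop()
                else:
                    findings.append((n, "unmatched close-brace"))
            i += 1
        if cur:
            prev = cur                # last non-blank line, for the newline check
    findings += [(n, "missing close-brace") for n in open_lines]
    return sorted(findings)

# Constructed sample, laid out the way the logged errors suggest.
BROKEN = '''when HTTP_REQUEST
{
    if { [HTTP::header exists "X-Forwarded-For"] }
    {
        set client_IP_addr [IP::client_addr]
    }
}
'''
# Constructed sample with every script brace on the command's own line.
FIXED = '''when HTTP_REQUEST {
    if { [HTTP::header exists "X-Forwarded-For"] } {
        set client_IP_addr [IP::client_addr]
    }
}
'''

if __name__ == "__main__":
    for name, src in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, lint_irule(src) or "no findings")
```

Braces inside comments and quoted strings are counted on purpose, because Tcl's brace matching inside a braced script counts them too.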