Forum Discussion

Yoli_154289

Nimbostratus

Mar 11, 2017

Update - remove/add values from "Data group list" via irule

Hi, Its possible to update "irule data group list" from irule ? and not from WEB or iControl

Nimbostratus

Mar 27, 2017

you can use table to do it. if you want block source ip you can use this irule.

code 
irule_A_Virtaulserver_A
ltm rule /Common/irule_A_Virtaulserver_A {
when RULE_INIT {
    set ::whichone 0
    set static::maxRate 20;
    set static::timeout 60;
    set static::maxquery 11;
    }
when HTTP_REQUEST {
    set getCount [table lookup -notouch -subtable requests [IP::client_addr]]
    set srcip [IP::remote_addr]
    if { [table lookup -subtable "Redirectolist" $srcip] != "" } {
        HTTP::redirect "http://www.abc.com"
        return
    }
    set curtime [clock second]
    set key "count:$srcip:$curtime"
    set count [table incr $key]
    table lifetime $key 2
    if { $count > $static::maxquery } {
        table add -subtable "Redirectolist" $srcip "blocked" indef $static::timeout
        table delete $key
        return
    } 
}
}
====================================================================================================================
irule_B_Virtaulserver_B
ltm ifile /Common/Block_page_html {
    file-name /Common/Block_page_html
}
ltm ifile /Common/logo_jpg {
    file-name /Common/logo_jpg
}
ltm ifile /Common/styles_css {
    file-name /Common/styles_css
}

ltm rule
ltm rule /Common/irule_B_Virtaulserver_B {
when RULE_INIT {
    set static::timeout 60;
    set static::maxquery 11;
    }
when HTTP_REQUEST {
    set srcip [IP::remote_addr]
    if { [table lookup -subtable "Redirectolist" $srcip] != "" } {
        switch [HTTP::uri] {
            "/Block_page/logo.png" { HTTP::respond 200 content [ifile get "logo_jpg"] }
            "/Block_page/styles.css" { HTTP::respond 200 content [ifile get "styles_css"] }
            default { HTTP::respond 200 content [ifile get "Block_page_html"] }
            }
    }
    set curtime [clock second]
    set key "count:$srcip:$curtime"
    set count [table incr $key]
    table lifetime $key 2
    if { $count > $static::maxquery } {
        table set -subtable "Redirectolist" $srcip "blocked" indef $static::timeout
        table delete $key
        drop
        return
    }
}
}

Yoli_154289
Nimbostratus
Mar 27, 2017
Where did you init this table ?

set getCount [table lookup -notouch -subtable requests [IP::client_addr]]

Also the table "Redirectolist" created in both VS's, so its not share between the two VS.

Thanks

oscarnet_69487

Nimbostratus

Mar 27, 2017

hi yoli

my update irule

code 

when RULE_INIT {
    set ::whichone 0
    set static::maxRate 20;
    set static::timeout 60;
    set static::maxquery 23;
    }
when HTTP_REQUEST {
    set getCount [table lookup -notouch -subtable requests [IP::client_addr]]
    set srcip [IP::remote_addr]
    if { [table lookup -subtable "Redirectolist" $srcip] != "" } {
        HTTP::redirect "http://www.abc.com"
        return
    }
    set curtime [clock second]
    set key "count:$srcip:$curtime"
    set count [table incr $key]
    table lifetime $key 2
    if { $count > $static::maxquery } {
        table add -subtable "Redirectolist" $srcip "blocked" indef $static::timeout
        table delete $key
        return
    } else {
    if { $getCount equals "" } {
        table set -subtable requests [IP::client_addr] "1" $static::timeout $static::timeout
        } else {
    if { $getCount < $static::maxRate } {
        table incr -notouch -subtable requests [IP::client_addr]
        } else {
    if {$getCount == $static::maxRate } {
        table incr -notouch -subtable requests [IP::client_addr]
        }
                HTTP::redirect "http://www.abc.com"
                }
            }
        }
    }

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)