Forum Discussion
Burak_ISIKSOY_1
Nimbostratus
Nimbostratusuri query limiting
hi,
I want to limit the queries to certain uri unfortunately I couldnt manage so far. Can someone point me what I am missing.Thanks
----------data group--------
query_limiter_uri;
Search.aspx
...
Kevin_Stewart
Employee
EmployeeTry this:
when RULE_INIT {
set static::maxrate 2
set static::timespan 60
set static::respond_page { Too many requests. Try again later }
}
when HTTP_REQUEST {
if { ( [HTTP::method] eq "POST" ) and ( [class match [string tolower [HTTP::uri]] contains query_limiter_uri] ) } {
if { [class match [IP::client_addr] eq query_limiter_whitelist] } {
return
}
set cl_q [string tolower [HTTP::uri]]
set clid [IP::client_addr]:[IP::remote_addr]:[TCP::local_port]
set clid_q "${clid}:${cl_q}"
if { [table lookup -subtable REQCOUNT $clid_q] eq "" } {
table set -subtable REQCOUNT $clid_q 1 $static::timespan
} elseif { [table lookup -subtable REQCOUNT $clid_q] > $static::maxrate } {
log local0. "-- $clid -- violation detected -- $cl_q -- exceeded number of requests --"
HTTP::respond 200 content $static::respond_page
} else {
table incr -subtable REQCOUNT $clid_q
}
}
}
There were a few things that might have given you a problem in the first version of the iRule:
-
You're table entries include the client side port, which would likely change often enough to bypass your catch.
-
You're attempting to respond and redirect in the same condition.
-
Your class match is doing a [string tolower ] evaluation, but you have a string in your data group with an uppercase letter.
The above basically says:
- If the table entry doesn't exist, create it.
- If it exists and is greater than maxrate, respond with static content.
- Else increment the table entry.
