For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

walkman69's avatar
walkman69
Icon for Altostratus rankAltostratus
Mar 25, 2024
Solved

URL Distribution

I received a request as to the possibility to or distribute traffic for one url to multiple urls (round-robin, least connections, or even just randomly ) but never exceed 50 connections to each one. ...
application delivery
  • JRahm's avatar
    JRahm
    Mar 26, 2024

    Not at all tested or optimized or secured against injection with the table commands, but to get the juices flowing I threw this together. Not 100% confident it'll work and I don't have time until end of the week to flesh out and test, but it is possible to achieve what you're after. That said, it'll be a support nightmare to grow with the needs of the business since it's not a well-defined problem or scale, so I would push back against this particular ask.

    when HTTP_REQUEST priority 500 {
    if { [string tolower [HTTP::path]] == "/form"} {
        foreach form [list form1 form2 form3 form4 form5 form6] {
            if { [table lookup $form] < 50 } {
                table incr $form 1
                HTTP::uri /$form
                set current_form $form
                break
            }
        }
    }
}
when HTTP_REQUEST priority 501 {
    if { [string tolower [HTTP::path]] == "/form" } {
        HTTP::respond 429 content "<html><body><p>All forms at max of 50 requests</p></body></html>" 
    }
}
when HTTP_RESPONSE {
    table incr $current_form -1
}

     

Daniel_Wolf's avatar
Daniel_Wolf
Icon for MVP rankMVP
Mar 26, 2024

Hi walkman69,

I am randomly guessing, that each form1-6 is server by a different pool member. If my assumption is right, you can set a session limit per node and use Least Connections method for load balancing.

root@(awaf)(cfg-sync Standalone)(Active)(/Common)(tmos)# list ltm node 10.0.2.50 
ltm node 10.0.2.50 {
    address 10.0.2.50
    connection-limit 50
}

Then I would do the URL rewriting on the web server in the backend. Doing application logic on the BIG-IP is possible, but sometimes it's just... meh... Uti, non abuti.

Maybe you can explain your requirements a bit more in details, so we can suggest a better solution.

KR
Daniel

 

  • walkman69's avatar
    walkman69
    Icon for Altostratus rankAltostratus
    Mar 26, 2024

    Hi Daniel_Wolf! This is not node/member specific. All forms will reside on all servers in the same pool(s) and those servers it is just this one particular form/webpage that needs this type of distribution as the servers also handle traffic for other websites, so the connection limit cannot be set on a node basis. I definitely agree this is something that should be done on the web server itself, the dev team just wants to explore all options.