And one more problem .... for which I am just stumped:
The full iRule I have is thus:
when RULE_INIT {
set static::maxRate 10
set static::timeout 1
}
when HTTP_REQUEST {
if { ([HTTP::uri] starts_with "/v3") } {
log local0. "You are here: step 1"
if { [HTTP::header exists Authorization] } {
log local0. "You are here: step 2"
set limiter [join [findstr [HTTP::header value Authorization] " " 1 end] ""]
log local0. "You are here: step 3 => got auth token => $limiter"
set methodCount [table key -count -subtable [IP::client_addr]:$limiter]
log local0. "You are here: step 4 => Count = $methodCount / $limiter"
} else {
set limiter "[TCP::client_port]"
log local0. "You are here: Step 5: Limiter Set to: [TCP::client_port] for [IP::client_addr]"
set methodCount [table key -count -subtable [IP::client_addr]:$limiter]
log local0. "You are here: step 6 => Count = $methodCount / $limiter"
}
if { $methodCount < $static::maxRate } {
incr methodCount 1
log local0. "You are here: step 7 Adding entry for [IP::client_addr]"
table incr -notouch -subtable [IP::client_addr]:$limiter [clock clicks] "1" indef $static::timeout
} else {
log local0. "[IP::client_addr] with limiter $limiter blocked"
HTTP::respond 429 content "Request blocked - Requests per second exceeded." Access-Control-Allow-Origin "*"
return
}
}
}
I get the following error in the logs and I for the life of me cannot figure out what is wrong:
- wrong args: should be "table incr -notouch -subtable 172.20.0.84:{f027f673812eb228d7b86a86601fc166-6f0a04ed3ef4722012ab8245f538abe8} 1480534505883002 1 indef 1 (extra args supplied)" while executing "table incr -notouch -subtable [IP::client_addr]:$limiter [clock clicks] "1" indef $static::timeout"
Help. Anyone !!! Please.
The goal of this irule is to rate limit on the IP::authtoken. If that fails then filter on the IP:remote_port
A client is allowed 120 HTTP requests per second.
If I remove the "1" indef $static::timeout portion of the table incr command then it "works" , sort of. It will hit 120 connections and drop everything after the 120th connection, as it is not properly expiring the connection table.
The [clock clicks] "1" indef $static::timeout works in another irule so I am not sure what is wrong here.
I'd appreciate any help or assistance.
Thank you.