Forum Discussion
alvaro_martinez
Nimbostratus
NimbostratusUse rule Limit Connections From Client
Hi all,
I´m trying to configure rule in bigip config file but I can´t to work correct.
I have the next configuration but when I try connect to virtual server from white list server, the virtual server can´t answer.
How do it for use test-pool?
Virtual description
virtual vs_xxxxxxxx_9000 {
destination xxxxxx:9000
ip protocol tcp
rule load_limit
Rule configuration
rule load_limit {
when RULE_INIT {
array set ::active_clients { }
array set white_client {
1.1.1.1
1.1.1.2
}
}
when CLIENT_ACCEPTED {
set client_ip [IP::remote_addr]
if { [info exists ::active_clients($client_ip)] && ![info exist ::white_client($client_ip)] } {
if {$::active_clients($client_ip) > 10 } {
reject
log local0. "Reject IP $client_ip ($::active_clients($client_ip))"
return
} else {
incr ::active_clients($client_ip)
}
} else {
set ::active_clients($client_ip) 1
pool test-pool
}
}
when CLIENT_CLOSED {
set client_ip [IP::remote_addr]
if { [info exists ::active_clients($client_ip)] && ![info exist ::white_client($client_ip)] } {
incr ::active_clients($client_ip) -1
if { $::active_clients($client_ip) <= 0 } {
unset ::active_clients($client_ip)
}
}
}
}
Regards
- The_BhattmanIt's better to use the iRULE text field in the gui and then you can selected it for the virtual server xxxxx:9000
Nicolas_MenantEmployee
hi,
it looks good ...
Could you try to add some logging information and show us what you have for a white IP ?
Exampl:
when RULE_INIT {
array set ::active_clients { }
array set white_client {
1.1.1.1
1.1.1.2
}
}
when CLIENT_ACCEPTED {
set client_ip [IP::remote_addr]
if { [info exists ::active_clients($client_ip)] && ![info exist ::white_client($client_ip)] } {
log local0. "not an active connection or not a white IP"
if {$::active_clients($client_ip) > 10 } {
reject
log local0. "Reject IP $client_ip ($::active_clients($client_ip))"
return
} else {
log local0. "increase active clients"
incr ::active_clients($client_ip)
}
} else {
log local0. "new active client or White IP"
set ::active_clients($client_ip) 1
pool test-pool
}
}
when CLIENT_CLOSED {
set client_ip [IP::remote_addr]
if { [info exists ::active_clients($client_ip)] && ![info exist ::white_client($client_ip)] } {
log local0. "Closing connection, updating array"
incr ::active_clients($client_ip) -1
if { $::active_clients($client_ip) <= 0 } {
unset ::active_clients($client_ip)
}
}
}
What is your BIGIP Version? If you are in v9.4.X version you need to remove the binary file sometimes after updating the config files.
it may be better to work through the GUI as cmbhatt advised
HTH
David_HomoneyAlso you may want to check out the iRule Editor, it is extremely useful in iRules developement. Link below.
Click here
