HTTP Request Throttle by IP and UserAgent

Problem this snippet solves: This is a modification of Kirk Bauer's iRule found here: https://devcentral.f5.com/codeshare/http-request-throttle The modification is for rate limiting individual IP...
Published Mar 15, 2017
Version 1.0
BIG-IP
iRules
security
ldesfosses's avatar
ldesfosses
Icon for Cirrus rankCirrus
Aug 06, 2019

Just a quick note, this is a great iRule, I've used it internally, but an attacker alone (no need for many attackers) can generate a new random IP and add it in the X-forwarded-for Header. Same for the UserAgent header, he can generate a new one for each request.

The attacker can then create a lot of entry in the table with a relatively simple loop and take almost all the "chance" of the legitimate users to be able to execute a request.

 

It's then a DOS situation. If it happen, the only solution is to blacklist the IP.

I don't think it's avoidable by using just iRule, I just wanted to point it.