HTTP slow post mitigation

Problem this snippet solves: Here is an updated version of the iRule from this post and techtip. Mitigating Slow HTTP Post DDoS Attacks With iRules – Follow-up https://devcentral.f5.com/Community/...
Published Mar 18, 2015
Version 1.0
application delivery
devops
iRules
security
sthussey_131917's avatar
sthussey_131917
Icon for Nimbostratus rankNimbostratus
Jul 24, 2015
Are there any concerns about race conditions for Keep-Alive connections? It seems the 'id' variable is scoped to the TCP connection. If we get request A and begin data collection (and therefore initiated the 'after' call with id 1) and before the collection is finished, we receive request B and collection is started and another 'after' call is started with id 2. When HTTP_REQUEST_DATA is called for the collection of request A, wouldn't $id now be 2 and therefore the cancellation call for the after event 1 would not happen. Could this cause termination of valid connections in some edge cases? Edit: I over thought it. HTTP 1.1 doesn't allow concurrent outstanding requests over a single connection, so no race condition.