Virtual server connection limit with HTTP response
Problem this snippet solves:
This rule allows administrators to configure a maximum TCP connection limit for a virtual server. When the limit is reached, LTM sends a static HTML response.
The iRule maintains a count of active connections using a global variable. The rule assumes a connection count of zero to start with. To ensure the iRule starts with a valid connection count, it would be advisable to add the iRule to the virtual server when there are no active connections to the virtual server.
Code :
```tcl
when RULE_INIT {
    # Set a global max for number of concurrent TCP connections
    set ::max_connections 2

    # Set an HTML response to send to clients who make a request while the VIP is over the max connection count
    set ::html_content "over limit"

    # Print debug messages to /var/log/ltm? 1=yes, 0=no
    set ::debug 1

    # Initialize a counter for active connections (don't modify this)
    set ::active_connections 0
}
when HTTP_REQUEST {
    # If we're over the limit for this connection, send a response.
    # Note: this check runs on every request, including later requests on connections already counted.
    if {$::active_connections > $::max_connections} {
        # Send a response
        HTTP::respond 200 content $::html_content

        # Close the connection
        TCP::close

        # Log a message to /var/log/ltm if debug is enabled
        if {$::debug} {
            log local0. "Over limit (current/max: $::active_connections/$::max_connections). Sent response to [IP::client_addr]"
        }
    # We're not over the limit, so check if this is the first HTTP request on the TCP connection.
    } elseif {[HTTP::request_num] == 1} {
        set validrequest 1

        # Increment the TCP connection count.
        incr ::active_connections 1
    }
}
when CLIENT_CLOSED {
    # A connection was closed, so decrement the global counter.
    # validrequest only exists on connections that were counted, so test for it before reading it.
    if {[info exists validrequest] && $validrequest == 1} {
        incr ::active_connections -1
    }
}
```
- samstep (Cirrocumulus): ATTENTION: This code is for v9.x.x of BIG-IP only (which is no longer supported). DO NOT USE this on higher versions
- samstep_81205 (Nimbostratus): ATTENTION: This code is for v9.x.x of BIG-IP only (which is no longer supported). DO NOT USE this on higher versions
- Aaron_33366 (Nimbostratus): This iRule does exactly what I want to do! However, someone commented that this is only for v9. I would think this should still work on 11.5.1 because the iRule is the TCL code. Can anyone validate that this would work on 11.5.1 code? In the meantime I will look to do a test myself as well. Thanks in advance.
- Aaron_33366 (Nimbostratus): I have tested this on 11.5.1 and it works perfectly!
- Chris_FP (Cirrus): It may work perfectly but it could also be demoting any VS it is attached to from CMP. https://support.f5.com/kb/en-us/solutions/public/13000/000/sol13033.html explains why. You should really be using session tables instead.
- luis_54438 (Nimbostratus): It worked for TMOS 11.5.1. Use

  ```tcl
  set static::max_connections 2
  set static::html_content "over limit"
  set static::debug 1
  set static::active_connections 0
  ```

  And call it with `$static::active_connections`, `$static::max_connections`, `$static::debug`, `$static::active_connections`. Best regards
- Rama_75068 (Nimbostratus): Hi, I have tried the iRule with 11.5.4, and there seems to be an error in the LTM logs:

  can't read "validrequest":no such variable while executing "if{$validrequest == 1}{incr static::active_connections -1}"

  When I try to simulate the connection limit, the HTTP page is redirected, but it also redirects all the active users currently logging in to the server.
  Kindly advise. Thank you
I tried the above iRule but it is not working; my version is v13.1.1.
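
A session-table variant of the same limit, following the suggestion in the comments to use session tables instead of a global counter. This is an added example, not code from the original post or from F5; the subtable name, the `static::entry_timeout` value, the 60-second refresh interval and the `counted`/`refresh` variable names are assumptions, and it requires a TMOS version that provides the `table` command.

```tcl
when RULE_INIT {
    # Read-only settings; static:: variables do not demote the virtual server from CMP
    set static::max_connections 2
    set static::html_content "over limit"
    # Assumed value: seconds a table entry survives without being refreshed
    set static::entry_timeout 180
}

when CLIENT_ACCEPTED {
    # One subtable per virtual server, one entry per client-side TCP connection
    set tbl "connlimit:[virtual name]"
    set key "[IP::client_addr]:[TCP::client_port]"
    set counted 0
}

when HTTP_REQUEST {
    # Decide once per TCP connection, so keep-alive requests on a
    # connection that was already admitted are never turned away
    if { [HTTP::request_num] != 1 } { return }

    # Count and insert are separate operations, so a burst of simultaneous
    # connections can overshoot the limit slightly
    if { [table keys -subtable $tbl -count] >= $static::max_connections } {
        HTTP::respond 200 content $static::html_content
        TCP::close
        log local0. "Over limit on [virtual name]. Sent response to [IP::client_addr]"
        return
    }

    table set -subtable $tbl $key 1 $static::entry_timeout
    set counted 1
    # Touch the entry every 60 s so long-lived connections stay counted;
    # entries of connections that vanish without CLIENT_CLOSED expire on their own
    set refresh [after 60000 -periodic { table lookup -subtable $tbl $key }]
}

when CLIENT_CLOSED {
    # Only connections that were admitted hold an entry and a timer
    if { $counted } {
        after cancel $refresh
        table delete -subtable $tbl $key
    }
}
```

Because the count is derived from live table entries rather than a running counter, the rule can be attached while connections are already open without starting from a wrong value.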