Virtual server connection limit with HTTP response

Problem this snippet solves:

This rule allows administrators to configure a maximum TCP connection limit for a virtual server. When the limit is reached, LTM sends a static HTML response.

The iRule keeps a count of active connections in a global variable and assumes that count starts at zero. To make sure the count is valid, add the iRule to the virtual server only when the virtual server has no active connections.

Code:

when RULE_INIT {

   # Set a global max for number of concurrent TCP connections
   set ::max_connections 2

   # Set an HTML response to send to clients who make a request while the VIP is over the max connection count
   set ::html_content "over limit"

   # Print debug messages to /var/log/ltm?  1=yes, 0=no
   set ::debug 1

   # Initialize a counter for active connections (don't modify this)
   set ::active_connections 0
}

when CLIENT_ACCEPTED {
   # Mark this connection as not yet counted. Without this, CLIENT_CLOSED fails with
   # "can't read validrequest" on connections that never sent an HTTP request.
   set validrequest 0
}

when HTTP_REQUEST {

   # If the VIP is already at the limit, send a response instead of counting this connection
   if { $::active_connections >= $::max_connections } {

      # Send a response
      HTTP::respond 200 content $::html_content

      # Close the connection
      TCP::close

      # Log a message to /var/log/ltm if debug is enabled
      if { $::debug } { log local0. "Over limit (current/max: $::active_connections/$::max_connections). Sent response to [IP::client_addr]" }

   # We're not over the limit, so check if this is the first HTTP request on the TCP connection.
   } elseif { [HTTP::request_num] == 1 } {
      set validrequest 1
      # Increment the TCP connection count.
      incr ::active_connections 1
   }
}

when CLIENT_CLOSED {
   # A counted connection was closed, so decrement the global counter
   if { $validrequest == 1 } {
       incr ::active_connections -1
   }
}
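The rule above works, but writing to `::` global variables demotes the virtual server from CMP (every connection is then handled by a single TMM), and a per-TMM counter would be wrong on a CMP-enabled box anyway. The following iRule, an added example that is not part of the original snippet, keeps the same behaviour (limit, static response, debug logging) but holds the configuration in read-only `static::` variables and the live counter in the session table, which is shared across all TMM instances. The table key name `vs_active_connections`, the 503 status code and the `Connection: close` header are choices made for this example; everything else is standard iRule syntax.

```tcl
when RULE_INIT {
   # Read-only settings: static:: variables are safe to read from any event without demoting CMP
   set static::max_connections 2
   set static::html_content "over limit"
   set static::debug 1

   # Session-table key used for the shared counter (name chosen for this example)
   set static::conn_key "vs_active_connections"
}

when CLIENT_ACCEPTED {
   # Per-connection flag: 1 once this connection has been counted, so CLIENT_CLOSED
   # never reads an undefined variable and never decrements a connection it did not count
   set counted 0
}

when HTTP_REQUEST {
   # Only the first request on a keep-alive connection is counted
   if { $counted } { return }

   # Atomically reserve a slot. table incr creates the key on first use and returns the new value,
   # so two TMMs cannot both see "one below the limit" and both admit a connection.
   set current [table incr $static::conn_key 1]

   # Session-table entries expire after 180 s by default; make the counter persistent
   table timeout $static::conn_key indefinite

   if { $current > $static::max_connections } {
      # Over the limit: give the slot back before responding
      table incr $static::conn_key -1

      if { $static::debug } {
         log local0. "Over limit (current/max: [expr {$current - 1}]/$static::max_connections). Sent response to [IP::client_addr]"
      }

      # 503 tells clients and monitors the service is overloaded; a 200 would look like success
      HTTP::respond 503 content $static::html_content "Connection" "close"
      TCP::close
      return
   }

   set counted 1
}

when CLIENT_CLOSED {
   # Release the slot only for connections that were actually counted
   if { $counted } {
      table incr $static::conn_key -1
   }
}
```

Because the counter lives in the session table, it survives across TMMs and can be inspected while the rule runs (for example with `tmsh show sys ... `-style session table tools or a small diagnostic iRule that reads `[table lookup vs_active_connections]`). If the box is restarted the entry is gone, which is the right outcome since all connections are gone too.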
Published Mar 18, 2015
Version 1.0

8 Comments

  • Hi, I have tried the iRules with 11.5.4, there seems to be error in LTM logs

    - can't read "validrequest":no such variable while executing "if{$validrequest == 1}{incr static::active_connections -1}"

    When I try to simulate the connection limit, the http page is redirected, but it also redirects all the active users currently logged in to the server.

    Kindly advise. Thank you

  • It worked for TMOS 11.5.1. Use

    set static::max_connections 2
    set static::html_content "over limit"
    set static::debug 1
    set static::active_connections 0

    And call it with $static::active_connections $static::max_connections $static::debug $static::active_connections

    best regards
  • It may work perfectly but it could also be demoting any VS it is attached to from CMP. https://support.f5.com/kb/en-us/solutions/public/13000/000/sol13033.html explains why. You should really be using session tables instead.
  • This iRule does exactly what I want to do! However someone commented that his is only for v9. I would think this should still work on 11.5.1 because the iRule is the TCL code. Can anyone validate that this would work on 11.5.1 code. In the mean time I will look to do a test myself as well. Thanks in advance.
  • ATTENTION: This code is for v9.x.x of BIG-IP only (which is no longer supported). DO NOT USE this on higher versions