CodeShare Refresh: HTTP Session Limit
kridsana,
Yes, the syntax dictates that you need the extra bracket at the end.
I know this is an old case but we are struggling with the same issue. We are running V12, which I understand should be able to run V11 iRules fine. There was one change made to the rule we have, and that is the following:
    if {[HTTP::request_num] == 1}{
        table set -subtable httplimit [IP::client_addr]:[TCP::client_port] "blocked"
        set timer [after 60000 -periodic { table lookup -subtable httplmit [IP::client_addr]:[TCP::client_port] }
    }

TO:

    if {not ([table keys -subtable httplimit -count] > $static::max_active_clients)} {
        table set -subtable httplimit [IP::client_addr]:[TCP::client_port] "blocked" 540
        set timer [after 60000 -periodic {table lookup -subtable httplimit [IP::client_addr]:[TCP::client_port] } ]
    }
I didn't put this rule in place so I am not sure what the reason was for setting it this way, but I assume it was to address what you were saying, hoolio. That said, our code doesn't appear to be working as expected. I think this may have something to do with it, and the second reason I think it may be balking is because of a concurrency issue. My understanding is that this rule gets run per HTTP session as they are made to the F5. But what happens if, say, 2000 clients attempt to make a connection at the same time? Wouldn't each of those essentially query the database and see it in the same state, and thus each think they need to be added to the allowed pool?
Also, can someone explain what the line "table set -subtable httplimit [IP::client_addr]:[TCP::client_port] "blocked" 540" is doing? I was under the impression that we were adding IPs to the approved list, but this seems like it is adding those who are blocked, which seems backwards to me.
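
The concurrency concern in the post above, modeled as an added example (not code from this thread or from F5): a simplified Python model of the httplimit subtable in which the count check and the table set are separate steps. The Subtable class, the function names and the client keys are constructed for illustration, and how a real BIG-IP interleaves these steps is an assumption of the model.

```python
class Subtable:
    """Minimal model of a session subtable: key -> (value, expiry time)."""

    def __init__(self):
        self.rows = {}

    def count(self, now):
        # Entries past their timeout no longer count toward the limit.
        self.rows = {k: v for k, v in self.rows.items() if v[1] > now}
        return len(self.rows)

    def set(self, key, value, timeout, now):
        self.rows[key] = (value, now + timeout)


MAX_ACTIVE = 100  # stands in for $static::max_active_clients (value assumed)
TIMEOUT = 540     # seconds; the trailing argument of the posted table set line


def check(table, now):
    # Same condition as the posted rule: not (key count > limit).
    return not (table.count(now) > MAX_ACTIVE)


def admit_interleaved(table, clients, now=0):
    """Worst case: every client runs the check before any client runs the set."""
    decisions = [check(table, now) for _ in clients]
    for key, ok in zip(clients, decisions):
        if ok:
            # "blocked" is only a marker; the check counts keys, never reads values.
            table.set(key, "blocked", TIMEOUT, now)
    return table.count(now)


def admit_serialized(table, clients, now=0):
    """Check and set run as one step per client, so each sees earlier writes."""
    for key in clients:
        if check(table, now):
            table.set(key, "blocked", TIMEOUT, now)
    return table.count(now)


def sample_clients(n):
    # Constructed ip:port keys in the shape the rule uses (documentation range).
    return [f"192.0.2.{i % 250 + 1}:{40000 + i}" for i in range(n)]
```

With 2000 constructed clients the interleaved run leaves 2000 entries, while the serialized run leaves 101: the condition `not (count > limit)` still admits a client when the count equals the limit.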