CodeShare
Have some code. Share some code.
cancel
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner
hooleylist
Cirrostratus
Cirrostratus

Problem this snippet solves:

This rule allows administrators to configure a maximum TCP connection limit for a virtual server. When the limit is reached, LTM sends a static HTML response.

The iRule maintains a count of active connections using a global variable. The rule assumes a connection count of zero to start with. To ensure the iRule starts with a valid connection count, it would be advisable to add the iRule to the virtual server when there are no active connections to the virtual server.

Code :

when RULE_INIT {

   # Set a global max for number of concurrent TCP connections
   set ::max_connections 2

   # Set an HTML response to sent to clients who make a request while the VIP is over the max connection count
   set ::html_content "over limit"

   # Print debug messages to /var/log/ltm?  1=yes, 0=no
   set ::debug 1

   # Initialize a counter for active connections (don't modify this)
   set ::active_connections 0
}
when HTTP_REQUEST {

   # If we're over the limit for this connection, send a response
   if {$::active_connections > $::max_connections}{

      # Send a response
      HTTP::respond 200 content $::html_content

      # Close the connection
      TCP::close

      # Log a message to /var/log/ltm if debug is enabled
      if {$::debug}{log local0. "Over limit (current/max: $::active_connections/$::max_connections). Sent response to [IP::client_addr]"}

   # We're not over the limit, so check if this is the first HTTP request on the TCP connection.  
   } elseif {[HTTP::request_num] == 1}{
      set validrequest 1
      # Increment the TCP connection count.
      incr ::active_connections 1
   }
}

when CLIENT_CLOSED {
   # A connection was closed, so decrement the global counter
   if {$validrequest == 1}{
       incr ::active_connections -1
   }
}
Comments
samstep
Cirrocumulus
Cirrocumulus
ATTENTION: This code is for v9.x.x of BIG-IP only (which is no longer supported). DO NOT USE this on higher versions
samstep_81205
Nimbostratus
Nimbostratus
ATTENTION: This code is for v9.x.x of BIG-IP only (which is no longer supported). DO NOT USE this on higher versions
Aaron_33366
Nimbostratus
Nimbostratus
This iRule does exactly what I want to do! However someone commented that his is only for v9. I would think this should still work on 11.5.1 because the iRule is the TCL code. Can anyone validate that this would work on 11.5.1 code. In the mean time I will look to do a test myself as well. Thanks in advance.
Aaron_33366
Nimbostratus
Nimbostratus
I have tested this on 11.5.1 and it works perfectly!
Chris_FP
Cirrus
Cirrus
It may work perfectly but it could also be demoting any VS it is attached to from CMP. https://support.f5.com/kb/en-us/solutions/public/13000/000/sol13033.html explains why. You should really be using session tables instead.
luis_54438
Nimbostratus
Nimbostratus
It worked for TMOS 11.5.1. Use set static::max_connections 2 set static::html_content "over limit" set static::debug 1 set static::active_connections 0 And call it with $static::active_connections $static::max_connections $static::debug $static::active_connections best regards
Rama_75068
Nimbostratus
Nimbostratus

Hi, I have tried the iRules with 11.5.4, there seems to be error in LTM logs

 

- can't read "validrequest":no such variable while executing "if{$validrequest == 1}{incr static::active_connections -1}"

 

When try to simulate connection limit, the http page redirected, but it also redirects all the active users currently logging in the server.

 

Kindly advise. Thank you

 

Sulabh_Srivasta
Altostratus
Altostratus

I tried the above iRule but it is not working, my v13.1.1

Version history
Last update:
‎18-Mar-2015 16:15
Updated by:
Contributors