HTTP Request Throttle by IP and UserAgent
Published Mar 15, 2017
Version 1.0
Just a quick note, this is a great iRule, I've used it internally, but an attacker alone (no need for many attackers) can generate a new random IP and add it in the X-Forwarded-For header. Same for the UserAgent header, he can generate a new one for each request.
The attacker can then create a lot of entries in the table with a relatively simple loop and take almost all the "chance" of the legitimate users to be able to execute a request.
It's then a DoS situation. If it happens, the only solution is to blacklist the IP.
I don't think it's avoidable by using just an iRule, I just wanted to point it out.
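
The concern in the comment above comes down to which value the throttle counts against. As an added example (not part of the original iRule or of the comment), this Python code derives the throttle key from the connection's peer address and reads X-Forwarded-For only when that peer is a trusted proxy; `TRUSTED_PROXIES`, the function names and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: the only hosts allowed to set X-Forwarded-For (constructed ranges).
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.10/32")]

def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)

def _parse(value):
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None

def throttle_key(peer_ip, xff_header=None):
    """Return the address that requests are counted against.

    peer_ip is the TCP source address seen by the load balancer; a header
    cannot change it. X-Forwarded-For is consulted only when the peer is a
    trusted proxy, and is walked right to left so that entries the client
    supplied itself are never reached before the hop a trusted proxy recorded.
    User-Agent is deliberately left out of the key.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not _is_trusted(peer) or not xff_header:
        return str(peer)
    candidate = peer
    for hop in reversed(xff_header.split(",")):
        addr = _parse(hop)
        if addr is None:
            break              # malformed entry: keep the last verified hop
        candidate = addr
        if not _is_trusted(addr):
            break              # first untrusted hop from the right is the client
    return str(candidate)

def distinct_keys(requests):
    """Count table entries a list of (peer_ip, xff_header) pairs would create."""
    return len({throttle_key(peer, xff) for peer, xff in requests})

# Constructed sample: one direct client sending a different header value each time.
SAMPLE = [("203.0.113.7", f"198.51.100.{i}") for i in range(1, 201)]

if __name__ == "__main__":
    print("table entries created:", distinct_keys(SAMPLE))
```

With this keying, one client rotating header values occupies a single table entry, so a per-key limit applies to it no matter what it sends in X-Forwarded-For or User-Agent.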