Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

Connection limit for a URI path.

fmoghimi
Nimbostratus
Nimbostratus

‎09-Jul-2021 06:53

Hi

 

I just got the question to put a connection limit for a single URI path of a virtual server.

The virtual server is used for multiple applications. so like, www.example.com/app1 or /app2.

So If i set the connection limit for the example.com virtual server, the connection limit is set for both app1 and app2. The virtual server has a rewrite profile for this.

Is it possible to set a connection limit for a single application?

The only way I can see it work is an irule, but i'm pretty new to irules, I haven't found anything on the internet about this.

Any help is appreciated. Thanks in advance!

Labels:
0 Kudos
1 REPLY 1

Amine_Kadimi
MVP
MVP

‎09-Jul-2021 12:21 - last edited on ‎04-Jun-2023 19:23 by Fog

Hi,

You are looking after limiting L7 requests and not L4 connections which are not aware of the /app1 /app2... paths.

This iRule is a good starting point :

# This iRule limits the number of HTTP Requests from a specified client IP address to 100 HTTP Requests for 5 minutes
# A Data Group IP_Throttle_List will contain the IP addresses that require throttling
 
when HTTP_REQUEST {
 
# Check if the IP address is within the defined list of addresses to throttle
if { [class match [IP::client_addr] equals IP_Throttle_List ] } {
 
        # Check if there is an entry for the client_addr in the table
        if { [ table lookup -notouch [IP::client_addr] ] != "" } {
        # If the value is less than 100 increment it by one
            log local0. "Client Throttle: Value present for [IP::client_addr]"
                        if { [ table lookup -notouch [client_addr] ] < 100 } {
                        log local0. "Client Throttle: Number of requests from client = [ table lookup -notouch [client_addr] ]"
                        table incr -notouch [IP::client_addr] 1
                        } else {
                            log local0. "Client Throttle: Client has exceeded the number of allowed requests of [ table lookup -notouch [client_addr] ]"
                            # This else statement is invoked when the table key value for the client IP address is more than 100. That is, the client has reached the 100 request limit
                                    HTTP::respond 200 content {
                                        <html>
                                        <head>
                                        <title>Information Page</title>
                                        </head>
                                        <body>
                                          We are sorry, but the site has received too many requests. Please try again later.
                                        </body>
                                        </html>
                                    }
                       }
            } else {
                    # If there is no entry for the client_addr create a new table to track number of HTTP_REQUEST. Lifetime is set to 5 minutes
                    log local0. "Client Throttle: Table created for [IP::client_addr]"
                    table set [IP::client_addr] 1 300
                    }
 
} else {
    return
}
 
}

Source: https://clouddocs.f5.com/api/irules/Limit-the-number-of-HTTP-requests-by-a-client-within-a-specified...

You can remove the class match part if not needed. And you can add the check of the exact path requested by the client using :

if { [HTTP::uri] starts_with "/app1" } {
     ...
 }

Let me know if that helps

Copyright © 2023 Khoros, LLC