Forum Discussion

Sajin
Jan 13, 2023

How to block traffic coming to a particular URI based on the defined rate limit and connection limit

Hi, I have a requirement to block traffic coming to a particular URI for the LTM VIP based on the rate limit and connection limit defined by the application team.

The application team would like to see the number of connections coming to the URI and how many connections/packets are getting dropped by the iRule in the F5 logs.

We have LTM and ASM in our environment, but I have never dealt with ASM. Hence, any solution using an iRule will be appreciated.

4 Replies

  • Sajin

    Just to add to my question above, here is the iRule I have written; I am looking for a modification to make the above requirement work:

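    when RULE_INIT {
        # Maximum requests allowed per client within one window
        set static::maxRate 100
        # Window length in seconds
        set static::windowSecs 1
    }

    when HTTP_REQUEST {
        if { [HTTP::host] eq "test.abc.com" } {
            if { [HTTP::uri] starts_with "/common/xyz" } {
                # set variables
                set limiter [string tolower [HTTP::uri]]
                set clientip_limitervar [IP::client_addr]
                # Count the entries still live in this client's subtable
                set get_count [table key -count -subtable $clientip_limitervar]
                if { $get_count < $static::maxRate } {
                    incr get_count 1
                    log local0. $get_count
                    # Each entry expires after windowSecs; the stored value ("inserted") is not used
                    table set -subtable $clientip_limitervar $get_count "inserted" indefinite $static::windowSecs
                } else {
                    log local0. "$clientip_limitervar has exceeded the number of requests allowed."
                    drop
                    return
                }
            }
        }
    }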