Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

How to block traffic coming to particular URI based on the defined rate limit and connection limit

Sajin
Nimbostratus
Nimbostratus

‎12-Jan-2023 20:11

Hi, I have a requirement to block traffic coming to particular URI for the LTM VIP based on the rate limit and connection limit defined by application team.

Application team would like to see the number of connections coming to the URI and how many connections/ packets are getting dropped by irule in F5 logs.

We have LTM and ASM in our environment. But, I never dealt with ASM. Hence, any solution using irule will be appreciated. 

Labels:
0 Kudos
4 REPLIES 4

Sajin
Nimbostratus
Nimbostratus

‎12-Jan-2023 20:31

Just to add on my above question, here is the iRule I have written and looking for a modification to make the above requirement work:

when RULE INIT {

set static::maxRate 100

set static: windowSecs 1

}

when HTTP REQUEST {

if { ([HTTP::host] eq "test.abc.com") } {

if { ([HTTP::uri] starts with "/common/xyz" ) }

{

set variables

set limiter [string tolower [HTTP: uri]]

set clientip limitervar [IP: :client_addr]

if { $get count < $static::maxRate } {

incr get count 1

log local0. get count

table set $get_count indefinite $static: :windowsecs

} } else {

log local0. "Sclientip_limitervar has exceeded the number of requests allowed." drop

return

  }

}

}

0 Kudos

Nikoolayy1
MVP
MVP
In response to Sajin

‎14-Jan-2023 10:15 - edited ‎14-Jan-2023 14:12

You are going in the right way with the table command, so keep at it.

 

You can get ideas from my code for ASM rate limit:

 

https://community.f5.com/t5/codeshare/asm-waf-rate-limit-and-block-clients-by-source-ip-or-device-id...

0 Kudos

Sajin
Nimbostratus
Nimbostratus
In response to Nikoolayy1

‎26-Jan-2023 12:21

Hi Nikoolay, the traffic on the homepage and other URI's also getting impacted with this iRule. I think need to have some modifications on this rule.

0 Kudos

Nikoolayy1
MVP
MVP
In response to Sajin

‎31-Jan-2023 13:36 - edited ‎31-Jan-2023 13:41

I gave you my irule as an example about how to make yours not as a copy/paste solution. In my irule on some places, I have not added or uncommented added "if { [class match [HTTP::uri] equals URIs_to_throttle] } {" also this device group should include URI that you want to limit the requests to.

 

 if { ! ( [class match $cIP_addr equals ip_whitelist] ) && ( [class match [HTTP::uri] equals URIs_to_throttle] )} {
0 Kudos
Copyright © 2023 Khoros, LLC