How to block traffic coming to particular URI based on the defined rate limit and connection limit

Sajin
Nimbostratus

Hi, I have a requirement to block traffic coming to a particular URI for the LTM VIP based on the rate limit and connection limit defined by the application team.

The application team would like to see the number of connections coming to the URI and how many connections/packets are getting dropped by the iRule in the F5 logs.

We have LTM and ASM in our environment, but I have never dealt with ASM. Hence, any solution using an iRule will be appreciated.

4 REPLIES

Sajin
Nimbostratus

Just to add to my question above, here is the iRule I have written; I am looking for a modification to make the above requirement work:

    when RULE_INIT {
        set static::maxRate 100
        set static::windowSecs 1
    }

    when HTTP_REQUEST {
        if { [HTTP::host] eq "test.abc.com" } {
            if { [HTTP::uri] starts_with "/common/xyz" } {
                # set variables
                set limiter [string tolower [HTTP::uri]]
                set clientip_limitervar [IP::client_addr]
                # requests from this client still recorded in the current window
                set get_count [table key -count -subtable $clientip_limitervar]
                if { $get_count < $static::maxRate } {
                    incr get_count 1
                    log local0. $get_count
                    # one entry per request; each entry expires after windowSecs
                    table set -subtable $clientip_limitervar $get_count $limiter indefinite $static::windowSecs
                } else {
                    log local0. "$clientip_limitervar has exceeded the number of requests allowed."
                    drop
                    return
                }
            }
        }
    }

You are going in the right way with the table command, so keep at it.

 

You can get ideas from my code for ASM rate limit:

 

https://community.f5.com/t5/codeshare/asm-waf-rate-limit-and-block-clients-by-source-ip-or-device-id...

Hi Nikoolay, the traffic on the homepage and other URIs is also getting impacted by this iRule. I think I need to make some modifications to this rule.

I gave you my iRule as an example of how to make yours, not as a copy/paste solution. In my iRule, in some places, I have not added or uncommented "if { [class match [HTTP::uri] equals URIs_to_throttle] } {". Also, this device group should include the URIs that you want to limit the requests to.

 

 if { ! ( [class match $cIP_addr equals ip_whitelist] ) && ( [class match [HTTP::uri] equals URIs_to_throttle] )} {
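
A scoped version of the approach discussed in this thread, as an added example (not code from either poster): it throttles only URIs listed in the URIs_to_throttle data group, skips ip_whitelist clients, and keeps allowed/dropped totals for the logs. The subtable names rl_window and rl_stats, the use of HTTP::path, and the log format are assumptions; both data groups must already exist on the BIG-IP.

```tcl
when RULE_INIT {
    set static::maxRate 100     ;# requests allowed per client per window
    set static::windowSecs 1    ;# window length in seconds
}

when HTTP_REQUEST {
    set cIP_addr [IP::client_addr]
    # HTTP::path (an assumption here) ignores the query string, so "equals" can match.
    set path [string tolower [HTTP::path]]

    # Scope first: whitelisted clients and unlisted URIs are never counted or dropped.
    if { [class match $cIP_addr equals ip_whitelist] } { return }
    if { !([class match $path equals URIs_to_throttle]) } { return }

    # Fixed-window counter per client and URI. "table add" creates the entry only
    # if it is missing, with a lifetime of one window; -notouch keeps later
    # increments from extending it.
    set key "$cIP_addr:$path"
    table add -subtable rl_window $key 0 indefinite $static::windowSecs
    set count [table incr -notouch -subtable rl_window $key]

    if { $count > $static::maxRate } {
        set dropped [table incr -subtable rl_stats "dropped:$path"]
        # Log only the first drop in each window so a burst cannot flood the log.
        if { $count == $static::maxRate + 1 } {
            set allowed [table lookup -notouch -subtable rl_stats "allowed:$path"]
            log local0. "rate limit hit: client=$cIP_addr uri=$path limit=$static::maxRate/${static::windowSecs}s allowed_total=$allowed dropped_total=$dropped"
        }
        drop
        return
    }
    # Running total of requests let through to this URI (idle entries expire
    # after the table's default timeout).
    table incr -subtable rl_stats "allowed:$path"
}
```

The allowed_total and dropped_total values are cumulative per URI across all clients, while the window counter is per client and URI, so traffic to the homepage and other unlisted URIs is never counted against the limit.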