iRule Limit the number of HTTP requests by a client within a specified time

Alberto_Amante_
Nimbostratus

This iRule blocks all the traffic from the clients with the IP addresses listed inside the iRule; it doesn't work the way the code logic suggests. Can you help me understand what the issue with the iRule is?

 

when RULE_INIT {
    # This defines how long the sliding window for counting the requests is. This example allows 10 requests in 1 second
    set static::windowSecs 1

    # Client IP addresses, the maximum requests for each one, and the VLAN ID %819 for the partition
    set class::conn_limit_dg {
        host 52.205.169.24%819 {"4"}
        host 52.205.60.156%819 {"4"}
        host 52.205.89.86%819 {"4"}
        host 71.201.163.113%819 {"4"}
        host 34.197.3.255%9819 {"26"}
    }
}

when CLIENT_ACCEPTED {
    # Max connections per client IP
    set limit [class match -value [IP::client_addr] equals conn_limit_dg]
    log local0. "[IP::client_addr]: \$limit: $limit"
}

when HTTP_REQUEST {
    # Check if the client IP is in the connection limit data group and the request is a GET
    if { $limit ne "" and [HTTP::method] eq "GET"} {
        set getCount [table key -count -subtable [IP::client_addr]]
        log local0. "[IP::client_addr]: getCount=$getCount"
        if { $getCount < $limit} {
            incr getCount 1
            table set -subtable [IP::client_addr] $getCount "" indefinite $static::windowSecs
        } else {
            log local0. "[IP::client_addr]: exceeded the number of requests allowed. $getCount / $limit"
            # HTTP response when the request count exceeds the connection limit
            HTTP::respond 429 content "Too Many Requests"
        }
    }
}

4 REPLIES

JRahm
Community Manager

Do you actually have a conn_limit_dg group saved? I doubt the iRule as is will pass validation if not, and I'm not clear what the class::conn_limit_dg is achieving in RULE_INIT.

Alberto_Amante_
Nimbostratus

Hi Jason

Today I created one data group in the load balancer called conn_limit_dg_4Request. The point of this data group with IP addresses is to have 4 requests per second for each client IP address, so how can I get the 4 requests per second with this iRule that I changed with the data group configured? Will it work with this change to the iRule?

 

 

when RULE_INIT {
    # This defines how long the sliding window for counting the requests is. This example allows 10 requests in 1 second
    set static::windowSecs 1
}

when CLIENT_ACCEPTED {
    # Max connections per client IP
    set limit [class match -value [IP::client_addr] equals conn_limit_dg_4Request]
    log local0. "[IP::client_addr]: \$limit: $limit"
}

when HTTP_REQUEST {
    # Check if the client IP is in the connection limit data group and the request is a GET
    if { $limit ne "" and [HTTP::method] eq "GET"} {
        set getCount [table key -count -subtable [IP::client_addr]]
        log local0. "[IP::client_addr]: getCount=$getCount"
        if { $getCount < $limit} {
            incr getCount 1
            table set -subtable [IP::client_addr] $getCount "" indefinite $static::windowSecs
        } else {
            log local0. "[IP::client_addr]: exceeded the number of requests allowed. $getCount / $limit"
            # HTTP response when the request count exceeds the connection limit
            HTTP::respond 429 content "Too Many Requests"
        }
    }
}

Alberto_Amante_
Nimbostratus

The task that I will have is this:

Configure an iRule to limit each of these IPs to 4 requests per second:

52.205.169.24
52.205.60.156
52.205.89.86
71.201.163.113

Limit the following IP to 26 requests per second:

34.197.3.255

HTTP::respond 429 Too Many Requests

 

I would like to know if this iRule will need something else for added 

Alberto_Amante_
Nimbostratus

I don't know how I can create a data group with these IP addresses where each one matches a value for the number of requests per second in the data group:

conn_limit_dg {
  host 52.205.169.24%819 {"4"}    >>>> number of HTTP requests per second
  host 52.205.60.156%819 {"4"}
  host 52.205.89.86%819 {"4"}
  host 71.201.163.113%819 {"4"}
  host 34.197.3.255%9819 {"26"}
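
An added example, not code from any participant in this thread: one way to apply a per-client request limit read from a data group, as the posts above ask for. It assumes an address-type data group named conn_limit_dg (the name used in the thread) already exists on the BIG-IP and that each record's value is that client's limit per window; the table names `rl:` and `rlseq:` are illustrative.

```tcl
when RULE_INIT {
    # Length of the sliding window, in seconds
    set static::windowSecs 1
}

when CLIENT_ACCEPTED {
    # Look up this client's limit once per connection.
    # class match -value returns an empty string when the address is not in the data group.
    set limit [class match -value [IP::client_addr] equals conn_limit_dg]

    # Subtable that holds one entry per counted request from this client (illustrative name)
    set tbl "rl:[IP::client_addr]"
}

when HTTP_REQUEST {
    # Clients that are not listed, and non-GET requests, are not rate limited
    if { $limit eq "" || [HTTP::method] ne "GET" } {
        return
    }

    # Every entry expires windowSecs after it was written, so the number of
    # keys in the subtable is the number of requests seen inside the window.
    if { [table keys -subtable $tbl -count] >= $limit } {
        log local0. "[IP::client_addr]: exceeded $limit requests in $static::windowSecs s"
        HTTP::respond 429 content "Too Many Requests" "Retry-After" $static::windowSecs
        return
    }

    # Record this request under a key that is unique per request. A key derived
    # from the current count can equal a key that is still live, and table set
    # then overwrites that entry instead of adding a new one.
    set reqId [table incr "rlseq:[IP::client_addr]"]
    table set -subtable $tbl $reqId 1 indefinite $static::windowSecs
}
```

The count and the write are separate table operations, so concurrent requests from one client can briefly exceed the limit by a small margin.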