spam defender Maxxonnect

Hallo guy’s

 

We have a need for E-Mail security as a .

 

I’m trying to write an iRule for “friend mail” which you can send from our web page,

 

(send these page to my friend) the user can write E-Mail addressee from friend and some text in addition.

 

We’d like to be able block access for 1 hours based of source IP-Addresses

 

if they send more then 10 E-Mail per hours.

 

URL will be https://www.hostname.com/mail

 

My idea is, if someone gets /friendmail.jsp then put/cache source_ip in a time/session table.

 

With each renewed call of the /friendmail.jsp left a Counter is increased by one.

 

If the value 10 is reached, is the time differentiated over one hour to lie,

 

otherwise the Client SOURCE IP becomes closed for e.g. at least 1 hours

 

The iRule below I have got the Error:

 

HTTP_REQUEST - cant use empty string as operand of - while executing expr { $now - $usertime }

 

I’m for each proposal grateful.

 

Regards

 

-------------------------------------------------------

 

when RULE_INIT {

 

set ::maxconnect 10

 

set ::blocktime 3600

 

array set ::users { }

 

array set ::spammers { }

 

}

 

when HTTP_REQUEST {

 

if { [string tolower [HTTP::uri]] equals "/mail"} {

 

set clientip [IP::remote_addr]

 

set now [clock second]

 

log local0. "User is analyzed - $clientip"

 

if { [ info exists ::spammers($clientip) ] } {

 

if { $::blocktime > [expr { $now - $::spammers($clientip)} ] } {

 

the user tries to connect in the blocktime period

 

set ::spammers($clientip) $now

 

TCP::respond "550 Message Rejected - Too Much spam/r/n"

 

log local0. "The user tries to send while in the block period - $clientip"

 

drop

 

return

 

}

 

else

 

{

 

the timeout has expired free the user from the list

 

unset ::spammers($clientip)

 

log local0. "The user has been removed from the list - $clientip"

 

}

 

}

 

end of exist ::spammer Line

 

if { [info exists ::users($clientip)] } {

 

set usertime [getfield $::users($clientip) ":" 2]

 

log local0. "the user time is $usertime and now is $now - $clientip"

 

if { [expr { $now - $usertime } ] > $::blocktime } {

 

the last connection was before the timeout period

 

set ::users($clientip) "1:$now"

 

return

 

}

 

else {

 

the connection was in the timeout

 

set t [getfield $::users($clientip) ":" 1]

 

set ::users($clientip) "[incr [getfield $::users($clientip) ":" 1]]:$now"

 

log local0. "the user - $clientip - has been connected $t times before"

 

incr t

 

set ::users($clientip) "$t,$now"

 

log local0. "the user - $clientip - has been connected $t times after"

 

if { [getfield $::users($clientip) ":" 1] > $::maxconnect } {

 

the user has exceeded the max no of connections

 

add him to the spam list

 

set ::spammers($clientip) $now

 

set ::users($clientip) "1:$now"

 

TCP::respond "550 Message Rejected - Too much spam\r\n"

 

log local0. "this user has started spamming us - $clientip "

 

drop

 

return

 

end of Max connections

 

}

 

}

 

end of else

 

}

 

else {

 

new client not if exists ::users

 

set ::users($clientip) "1:$now"

 

log local0. "this is user has just connected - $clientip"

 

}

 

}

 

}