13-Mar-2021
04:09
- last edited on
04-Jun-2023
21:00
by
JimmyPackets
Hi
Is there any way to create the 'table incr' entry without timeout
according to f5 documentation it will have timeout of 180 seconds
is there any other syntax i can use instead of it to not have the 180 seconds timeout?
This is part of the iRule I'm using:
set srcip [IP::remote_addr]
if { [ASM::violation count] > 0 } {
set getCount [table incr $key]
if { $getCount< $static::maxRate } {
incr getCount 1
} else {
table delete $key
}
If there was no traffic for 3 minutes then the $key variable will be timeout, and the 'getCount' variable will be reset
13-Mar-2021
05:20
- last edited on
04-Jun-2023
21:00
by
JimmyPackets
OK, solved
I used this syntax:
set srcip [IP::remote_addr]
set curtime [clock second]
set hash $curtime
set key "count:$srcip:$hash"
if { [ASM::violation count] > 0 } {
table add -subtable "countvio" $key "inserted" indef
set getCount [table keys -subtable "countvio" -count]
if { $getCount< $static::maxRate } {
incr getCount 1
} else {
table delete -all -subtable "countvio"
}}
So the stategy was to create a subtable and insert a new unique key value (used current time seconds for that). And then counted the values in the subtable.