How to limit a client IP from continuously opening connections to the server
Hi guys, I'm a noob to iRules and was wondering if there was a way we could write up an iRule to limit the number of connections a user can open over a period of time. We got hammered by one user who continuously tried to make connections to a server just to download a PDF file we had online. So to mitigate the issue, we want to see if we can limit that one user from overloading our servers with requests and taking them down, without denying them access completely.
We did a search and we found this iRule that seems to be kind of what we are looking for. Is this the correct iRule to use in our environment? A few things to know: we have a OneConnect and X_Forward_For profile set up; in addition, we are using SNAT Automap.
Please let me know. Thanks in advance for your help.
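    when RULE_INIT {
        # Maximum number of requests counted per client IP before further requests are rejected
        set static::maxRate 120
        # This defines how long the sliding window for counting requests is, in seconds.
        # It is passed to "table set" as the entry lifetime, i.e. how long each entry exists in the subtable.
        # With the values here, that is $static::maxRate requests per $static::windowSecs seconds.
        set static::windowSecs 3
        # Idle timeout, in seconds, passed to "table set" for each subtable entry
        set static::timeout 30
        # This turns debug logging on or off (0 = off, 1 = on).
        # Kept in the static:: namespace so that it is visible in HTTP_REQUEST.
        set static::debug 1
    }
    when HTTP_REQUEST {
        # Only GET requests from clients whose User-Agent contains "android" are counted
        if { ([HTTP::method] eq "GET") and ([string tolower [HTTP::header "User-Agent"]] contains "android") } {
            # Number of entries currently held in this client IP's subtable
            set getCount [table key -count -subtable [IP::client_addr]]
            if { $static::debug } { log local0. "getCount=$getCount" }
            if { $getCount < $static::maxRate } {
                # Below the limit: record this request as a new subtable entry
                incr getCount 1
                table set -subtable [IP::client_addr] $getCount "ignore" $static::timeout $static::windowSecs
            } else {
                # Limit reached: answer from the BIG-IP instead of passing the request to the pool
                if { $static::debug } { log local0. "This IP: [IP::client_addr] has exceeded the number of requests allowed." }
                HTTP::respond 501 content "We apologize but your request/sec limit has exceeded the set threshold. Please wait 30 seconds and refresh the page."
                return
            }
        }
    }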
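
A Python model of the per-IP subtable counting used in the iRule above, added here as an illustration (it is not part of the original post and not F5 code). It runs constructed traffic through the `count + 1` key scheme and through a hypothetical variant that gives every request its own key; it assumes that `table set` on an existing key replaces the entry and restarts its lifetime.

```python
# Model of the iRule's counting scheme (added example, not F5 code).
# Assumptions: a subtable entry disappears once its lifetime (windowSecs) has
# elapsed, and `table set` on an existing key replaces the entry and restarts
# its lifetime. The 30 s idle timeout never fires first, so it is not modelled.

MAX_RATE = 120        # static::maxRate from the post
WINDOW_MS = 3000      # static::windowSecs from the post, in milliseconds


def simulate(arrivals_ms, unique_keys):
    """Return one True/False (allowed/rejected) per request of a single client IP.

    unique_keys=False: the key is count + 1, as in the posted iRule.
    unique_keys=True:  hypothetical variant, every request gets its own key.
    """
    table = {}        # key -> expiry time in ms (the per-IP subtable)
    decisions = []
    for seq, now in enumerate(arrivals_ms):
        # Drop entries whose lifetime has elapsed.
        table = {k: exp for k, exp in table.items() if exp > now}
        count = len(table)                 # table key -count -subtable <ip>
        if count < MAX_RATE:
            key = ("req", seq) if unique_keys else count + 1
            table[key] = now + WINDOW_MS   # table set (overwrites an existing key)
            decisions.append(True)
        else:
            decisions.append(False)        # the HTTP::respond branch
    return decisions


def allowed_per_second(arrivals_ms, decisions):
    """Count allowed requests in each one-second bucket."""
    buckets = {}
    for now, ok in zip(arrivals_ms, decisions):
        buckets[now // 1000] = buckets.get(now // 1000, 0) + int(ok)
    return buckets


# Constructed traffic: one client sending 100 requests/second for 5 seconds.
ARRIVALS = [i * 10 for i in range(500)]

if __name__ == "__main__":
    for label, unique in (("count+1 key", False), ("unique key", True)):
        d = simulate(ARRIVALS, unique)
        print(label, sum(d), allowed_per_second(ARRIVALS, d))
```

Under the assumed `table set` behaviour, reusing `count + 1` as the key overwrites live entries once older ones start to expire, so the model admits more than `maxRate` requests per window, while a unique key per request keeps the count exact.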