Satoshino
Apr 30, 2021Cirrus
Irule Trigger two times
Hi, I created this irule in order to set rate limit based on source IP: when RULE_INIT {
set static::maxRate 4
set static::windowSecs 10
log local0. "Var Creation"
}
when HTTP_R...
- Apr 30, 2021
Looking at the logs at glance, its actually 2 requests not 1 requests.
You are stating the below is just 1 request.
first request: Apr 30 10:06:24 F5SecLab info tmm[11625]: Rule /Common/Rate_Limit_Irule <HTTP_REQUEST>: 192.168.19.12 Apr 30 10:06:24 F5SecLab info tmm[11625]: Rule /Common/Rate_Limit_Irule <HTTP_REQUEST>: 0 before increase Apr 30 10:06:24 F5SecLab info tmm[11625]: Rule /Common/Rate_Limit_Irule <HTTP_REQUEST>: 1 after increase Apr 30 10:06:25 F5SecLab info tmm[11625]: Rule /Common/Rate_Limit_Irule <HTTP_REQUEST>: 192.168.19.12 Apr 30 10:06:25 F5SecLab info tmm[11625]: Rule /Common/Rate_Limit_Irule <HTTP_REQUEST>: 1 before increase Apr 30 10:06:25 F5SecLab info tmm[11625]: Rule /Common/Rate_Limit_Irule <HTTP_REQUEST>: 2 after increase
But if we look at the Irule of yours, in HTTP_REQUEST event, your 1st piece of code itself is logging the client ip [IP::client_addr]. Comparing that with the above logs, we can see that it got triggered twice in line 2 & line 5, so its actually 2 HTTP_REQUEST not one. You may think its 1 request, but its actually 2.
May be there was some image, html, json resource references were their in the page you 1st queried & then second would been that call.
Can you open your developer tool when sending the the requests & see what's all flowing in the network chart.