HTTP Session Limit
Problem this snippet solves:
Limits total concurrent HTTP sessions to a pre-defined threshhold, allowing those clients with a session cookie to continue once the limit is reached, while redirecting new clients until concurrent sessions are again below the theshhold.
Code :
rule HTTP_session_limit { when RULE_INIT { set ::total_active_clients 0 set ::max_active_clients 100 log local0. "rule session_limit initialized: total/max: $::total_active_clients/$::max_active_clients" } when HTTP_REQUEST { ;# test cookie presence if {[HTTP::cookie exists "ClientID"]} { set need_cookie 0 set client_id [HTTP::cookie "ClientID"] ;# if cookie not present & connection limit not reached, set up client_id } else { if {$::total_active_clients < $::max_active_clients} { set need_cookie 1 set client_id [format "%08d" [expr { int(100000000 * rand()) }]] # Only count this request if it's the first on the TCP connection if {[HTTP::request_num] == 1}{ incr ::total_active_clients } ;# otherwise redirect } else { HTTP::redirect "http://sorry.domain.com/" return } } } when HTTP_RESPONSE { ;# insert cookie if needed if {$need_cookie == 1} { HTTP::cookie insert name "ClientID" value $client_id path "/" } } when CLIENT_CLOSED { ;# decrement current connection counter for this client_id if {$::total_active_clients > 0} { incr ::total_active_clients -1 } } }
Published Mar 18, 2015
Version 1.0