Forum Discussion
13 Replies
- Shaun_Simmons1Altostratus
You definitely want an iRule that has a datagroup configured, just in case you want to add more IPs in the future.
I'm not an iRule guru..ha! One of the guys will chime in soon! :)
- Shaun_Simmons1Altostratus
Hmm try this haha..just found it.
 
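when CLIENT_ACCEPTED {
    # Reject the connection if the client address matches the ip_blacklist data group
    if { [class match [IP::remote_addr] equals ip_blacklist] } {
        reject
        event disable all
        return
    }
}

Referenced from: https://devcentral.f5.com/s/feed/0D51T00006i7WnQSAU

Create a datagroup called "ip_blacklist"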
- Shaun_Simmons1Altostratus
Single IP:
when CLIENT_ACCEPTED {
    if { [IP::addr [IP::client_addr] equals xx.xx.xx.xx/xx] } {
        reject
    }
}
Answered by Kevin Stewart on the link above.
- VernonWellsEmployee
And, of course, to do the same but with quite a bit more performance, consider using AFM. If you have at least a Better bundle, it is already available to you.
- yuanqiang_22112Nimbostratus
@Vernon, my customer did not buy AFM and now needs to solve this problem. Do you know how to limit client connections to no more than 50?
- yuanqiang_22112Nimbostratus
@Shaun Simmons, thanks for your answer. For any source IP, if its connections are more than 50, I'll reject its flow. I read your iRule; its function is equal to a packet filter. Do you have another idea?
- Shaun_Simmons1Altostratus
Found this post - https://devcentral.f5.com/s/feed/0D51T00006i7OkLSAU
 
There are a few iRules that can fit your need. Read towards the bottom and look for Hoolio's post
 
*Note: Verbiage of the iRule is based on your TMOS version.
 
- yuanqiang_22112Nimbostratus
3Q
- VernonWellsEmployee
Is it your desire to limit each source IP address to no more than 50 connections through a particular Virtual Server, or to limit the total number of connections to a Virtual Server to 50, regardless of source address? The latter is trivial; there is a connection limit setting on Virtual Servers. If it is the former, then the last entry in this post references a few rules that can be used to accomplish this:
- TayF5unNimbostratus
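You should try the iRule below. However, I have not tried it before.
when HTTP_REQUEST {
    # Count the keys in the subtable named after the client address.
    # The count only changes if entries are added to this subtable elsewhere.
    set getCount [table keys -subtable [IP::client_addr] -count]
    if { $getCount > 50 } {
        reject
    } else {
        return
    }
}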
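For the per-source limit asked about in this thread, the following is an added example, not code from any of the posters or from F5: it records each open connection in a per-client subtable on accept, removes it on close, and rejects new connections once a client holds 50. The subtable prefix `connlimit:`, the 180-second entry lifetime and the 60-second refresh interval are assumed values.

```tcl
when RULE_INIT {
    # Limit taken from the thread; lifetime and refresh interval are assumptions.
    set static::conn_limit 50
    set static::entry_lifetime 180   ;# seconds before an unrefreshed entry expires
    set static::refresh_ms 60000     ;# how often an open connection touches its entry
}

when CLIENT_ACCEPTED {
    # One subtable per client address, one key per open connection.
    set tbl "connlimit:[IP::client_addr]"
    set key "[IP::client_addr]:[TCP::client_port]"
    set tracked 0

    # Refuse the connection if this client already holds the maximum.
    if { [table keys -subtable $tbl -count] >= $static::conn_limit } {
        # Log for detection; consider sampling this on busy virtual servers.
        log local0.notice "connlimit: rejected [IP::client_addr] at $static::conn_limit connections"
        reject
        return
    }

    # Record this connection and keep its entry alive while it stays open.
    table set -subtable $tbl $key 1 $static::entry_lifetime
    set tracked 1
    set timer [after $static::refresh_ms -periodic { table lookup -subtable $tbl $key }]
}

when CLIENT_CLOSED {
    # Only connections that were recorded have a timer and a table entry.
    if { $tracked } {
        after cancel $timer
        table delete -subtable $tbl $key
    }
}
```

The count check and the insert are separate operations, so a burst of simultaneous connections from one address can briefly exceed the limit by a small margin. Entries for connections that never reach CLIENT_CLOSED expire on their own after the entry lifetime.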