Bruno_Esteves_2
Apr 13, 2017Nimbostratus
iRule - Sliding window
Dears,
I'm trying to include a sliding window of time to counting requests. (e.g. if I have 8 req in 60 sec, block for 600 sec.)
So, I did change ($static::timeout $static::timeout) to ($static::timeout $static::winsec) and include (set static::winsec 60). But, didn't work. Have I missed something here ?
Here a working iRule that I'm using to block more than 8 reqs:
when HTTP_REQUEST {
if { [HTTP::uri] ends_with "/URI" and [HTTP::method] eq "POST"}{
set static::maxRate 8
set static::timeout 600
set client_IP_addr [IP::client_addr]
set getcount [table lookup -notouch "$client_IP_addr:[HTTP::uri]"]
if { $getcount equals "" } {
table set "$client_IP_addr:[HTTP::uri]" "1" $static::timeout $static::timeout
} else {
if { $getcount < $static::maxRate } {
table incr -notouch "$client_IP_addr:[HTTP::uri]"
} else {
log -noname local0. "REQUEST Rejected: current requestCount for $client_IP_addr"
reject
}
}
}
}
Cheers, Bruno