Forum Discussion

Bruno_Esteves_2's avatar
Bruno_Esteves_2
Icon for Nimbostratus rankNimbostratus
Apr 13, 2017

iRule - Sliding window

Dears,

I'm trying to include a sliding window of time to counting requests. (e.g. if I have 8 req in 60 sec, block for 600 sec.)

So, I did change ($static::timeout $static::timeout) to ($static::timeout $static::winsec) and include (set static::winsec 60). But, didn't work. Have I missed something here ?

Here a working iRule that I'm using to block more than 8 reqs:

when HTTP_REQUEST {

if { [HTTP::uri] ends_with "/URI" and [HTTP::method] eq "POST"}{

    set static::maxRate 8
    set static::timeout 600
    set client_IP_addr [IP::client_addr]

    set getcount [table lookup -notouch "$client_IP_addr:[HTTP::uri]"]
    if { $getcount equals "" } {
    table set "$client_IP_addr:[HTTP::uri]" "1" $static::timeout $static::timeout

    } else {
    if { $getcount < $static::maxRate } {
    table incr -notouch "$client_IP_addr:[HTTP::uri]"

    } else {
    log -noname local0. "REQUEST Rejected: current requestCount for $client_IP_addr"
    reject
}
}
}
}

Cheers, Bruno

ASM Advanced WAF
iRules
security

2 Replies

Sort By
  • Kevin_Davies_40's avatar
    Kevin_Davies_40
    Icon for Nacreous rankNacreous
    Apr 14, 2017

    Try the following..

    when HTTP_REQUEST {
   create a unique entry for each request that will expire in 60 seconds
  table set -subtable "[IP::client_addr]:[HTTP::uri]" [TMM::cmp_unit][clock clicks] 0 60

  if {[table keys -subtable "[IP::client_addr]:[HTTP::uri]" -count] > 8} {
    log -noname local0. "REQUEST Rejected: current request  for $client_IP_addr"
    reject
  }
}
  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Apr 14, 2017

    Hi,

     

    don't change static variables in HTTP_REQUEST event... static variables are variables shared by all TMM

     

    static variables may be set in RULE_INIT (when irule is loaded : restart of appliance or code change)

     

    when RULE_INIT {
    set static::maxRate 8
    set static::timeout 600
}

    then use the variable in HTTP_REQUEST.