EranN_340350
Sep 17, 2018 (Nimbostratus)
Rate limiting per IP and URI
Hi, I need to come up with a solution for rate limiting on a VS in our ASM, so that a source IP is limited, for specified URIs, to 3 requests per minute and 10 requests per hour.
I got this iRule from the web:
    when RULE_INIT {
        # Maximum requests allowed per client IP within one window
        set static::maxRate 3
        # Window length in seconds
        set static::timeout 60
    }
    when HTTP_REQUEST {
        if { [class match [HTTP::uri] contains URIs_to_throttle] } {
            # whitelist
            if { [class match [IP::client_addr] equals Whitelist_IPs] } {
                return
            }
            # End-of-whitelist
            # Count this client's entries that have not yet expired
            set methodCount [table keys -subtable [IP::client_addr] -count]
            log local0. "[IP::client_addr]: methodCount=$methodCount"
            if { $methodCount < $static::maxRate } then {
                incr methodCount 1
                log local0. "Adding entry for [IP::client_addr]"
                # One entry per request; it expires after static::timeout seconds
                table set -subtable [IP::client_addr] [clock clicks] "1" indef $static::timeout
            } else {
                log local0. "[IP::client_addr] exceeded max HTTP requests per second"
                HTTP::respond 429 content "Request blockedExceeded requests limit."
                return
            }
        }
    }
How should I modify this iRule so it will also include the 10 requests per hour limit?
And second, is this the best approach for rate limiting? Future demands will include a higher number of URIs and different time limits + global limits (not only per IP) for each URI, which will make the iRule handling and maintenance too complicated.
Thank you.
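As an added example (not part of the original post and not F5-supplied code), one way to enforce both the per-minute and per-hour limits with the same `table` sliding-window technique is to keep one subtable per window. It assumes the `URIs_to_throttle` and `Whitelist_IPs` data groups from the post; the `static::windows` list and the `rl_<window>_<ip>` subtable names are hypothetical.

```tcl
when RULE_INIT {
    # Each window is {name seconds max_requests}; the values are the limits
    # stated in the post. The list name and layout are assumptions.
    set static::windows {
        {min  60   3}
        {hour 3600 10}
    }
}

when HTTP_REQUEST {
    # Only throttle the listed URIs, and never throttle whitelisted clients.
    if { ![class match [HTTP::uri] contains URIs_to_throttle] } { return }
    if { [class match [IP::client_addr] equals Whitelist_IPs] } { return }

    set ip [IP::client_addr]

    # Pass 1: reject if any window is already full. A rejected request is
    # not recorded, so blocked retries do not prolong the block.
    foreach w $static::windows {
        foreach {name secs max} $w { break }
        set count [table keys -subtable "rl_${name}_$ip" -count]
        if { $count >= $max } {
            log local0. "$ip exceeded $max requests per $secs s ($name window)"
            HTTP::respond 429 content "Request blocked. Exceeded requests limit."
            return
        }
    }

    # Pass 2: record the allowed request in every window. Each entry expires
    # on its own after that window's length, which gives a sliding window.
    set key [clock clicks]
    foreach w $static::windows {
        foreach {name secs max} $w { break }
        table set -subtable "rl_${name}_$ip" $key 1 indef $secs
    }
}
```

The count and the insert are separate operations, so concurrent requests from one client can slightly overshoot a limit; adding a further window is one more line in `static::windows`.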