Why my iRules on BIG-IP F5 does not work?

Question

I want to limit the HTTP::request rate from one client, Below is my iRules:

when HTTP_REQUEST {
    if { [HTTP::uri] == "/user/loginPub.jsp" } {
        if { [clock seconds] == $cur_time } {
            if { $req_count > 1 } {
                HTTP::respond 501 content "request blocked."
            }
            incr req_count
            return
        }
        set req_count 0
        set cur_time [clock seconds]
    }
}

But when I apply it to a virtual-server, the requests with that uri (/user/loginPub.jsp) reseted. Chrome shows "connection reset".

why it doesn't work? where is wrong ? Thanks

score 0 · Answer 1 · answered Aug 30 '14 at 22:11

This rule should not be causing a connection reset, so I suspect there is something else going on with the site. That said, it’s not going to do what you want it to either. [clock seconds] is never going to equal $cur_time since you didn’t assign a value to $cur_time before using it.

There’s a good example of a rate limiting rule you should be able to adapt on F5’s site:
https://devcentral.f5.com/login?returnurl=%2fWiki%2fiRules.RateLimit_HTTPRequest.ashx
(Free account needed to read the article.)

Why my iRules on BIG-IP F5 does not work?

1 Answers1