Forum Discussion
BinaryCanary_19
Nov 13, 2015Historic F5 Account
- dragonflymrNov 13, 2015CirrostratusHi, Sure I can. Probably I will, I just was curious if there is a way to use what is already there somehow. I know now that for example data created by AVR can be retrieved via iStats, seems that it's not the case here. Anyway, seems that I will have to try my best to create kind of iRule for what I need - unfortunately I am far from being expert here. Maybe you can point me out to some good starting point for something like that - I would HTTP Session Rate Limit :-) Overall idea is: 1. Set the TCP connection and connection rate thresholds 2. If thresholds are not crossed allow any new TCP connection 3. If one of the threshold is exceeded start HTTP session checking 4. Verify presence of our validation cookie 5. Based on URI requested either allow TCP conn and HTTP request inside or drop it 6. Be able to set ovesubscription for TCP conn for HTTP request to specific URI (with correct cookie) - so such TCP conn are allowed even if thresholds are crossed but only if result will be exceeding limit by x% 7. Rate limit should be flexible - similar to virtual Connection Rate Limit mode - Per Virtual Server and Source Address - so being able to set mask for rate limit So in the end it should promote tcp connections containing http requests with session/validation cookie over ones without, but only when thresholds are crossed. In the end we want to allow users who already started session to be able to finish it, and users that do not start session to wait. Connection Limit/Rate Limit is a bit too generic and to low in the stack, we need this added functionality. Appreciate any links to topic covering similar case. Piotr