How to limit access by time?

Dear community,

I need to handle requests for a particular domain in a different way. I usually apply a few simple conditions, for example, requests must arrive with the xpto.com header to be forwarded to the pool.

  • I use a BIG-IP LTM 13.0.0.

Now, for a particular domain, if it is called more than 50 times in 10 minutes by the same IP, I need to block this IP for 30 minutes.

From what I've been researching I believe that the FLOW_INIT function helps me with what I need, but I still cannot reach my goal.

Below is a simple example of what I use to test:

when HTTP_REQUEST {
    # Only handle the test host; everything else is left to the default processing
    if {[HTTP::host] equals "drop.test:8080"} {
        switch -glob [HTTP::uri] {
            "/test/*" {
                log local0. "/test/ - accept - source: [IP::remote_addr] - uri: [HTTP::host][HTTP::uri]"
                # HTTP::respond needs a status code before the body
                HTTP::respond 200 content "Test ok!"
            }
            "/drop/*" {
                log local0. "/drop/ - accept - source: [IP::remote_addr] - uri: [HTTP::host][HTTP::uri]"
                HTTP::respond 200 content "Drop ok!"
            }
            default {
                log local0. "reject - source: [IP::remote_addr] - uri: [HTTP::host][HTTP::uri]"
                reject
            }
        }
    }
}

Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

You could achieve this using subtables. Use two tables, a "pre-block" table to cache IP information, and a "block" table of IP addresses that have breached your policy. Using the lifetime facility you can create an effective TTL for the connection.

Example high level overview

1) Check if IP is in the 'block' subtable.
    yes - block
    no - continue

2) Is the IP in the 'pre-block' subtable?
    yes - if counter > 49, add to the 'block' table with a lifetime of 30 min
        - else increment the connection counter, where IP is the key and counter is the value.

    no - write the IP address to the 'pre-block' table with a value of '1' and a lifetime of 30 min

See the following link for further reading on subtables: https://devcentral.f5.com/articles/v101-the-table-command-subtables

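The two-subtable scheme described in the answer, written out as a complete iRule. This is an added example, not the answerer's code or F5's: the subtable names "pre-block" and "block" follow the answer, the thresholds (50 requests, 10-minute window, 30-minute block) and the host "drop.test:8080" are taken from the question, and the static variable names are my own. It uses `table add` to create the counter with a fixed lifetime only on the first request from an IP, so the window does not slide each time the counter is incremented.

```tcl
when RULE_INIT {
    # Policy values taken from the question (assumed names, set once at load time)
    set static::rl_host   "drop.test:8080"   ;# host to police
    set static::rl_max    50                 ;# requests allowed per window
    set static::rl_window 600                ;# window length in seconds (10 min)
    set static::rl_block  1800               ;# block duration in seconds (30 min)
}

when HTTP_REQUEST {
    # Only the one host is rate limited; other hosts are untouched
    if { [HTTP::host] ne $static::rl_host } { return }

    set ip [IP::client_addr]

    # Step 1: an IP already in the 'block' subtable is rejected outright.
    # The entry expires on its own after rl_block seconds (lifetime), so no
    # cleanup is needed and the counter is not touched for blocked clients.
    if { [table lookup -subtable "block" $ip] ne "" } {
        log local0. "blocked - source: $ip - uri: [HTTP::host][HTTP::uri]"
        reject
        return
    }

    # Step 2: count the request in the 'pre-block' subtable.
    # 'table add' only writes when the key is absent, so the lifetime (the
    # 10-minute window) is fixed by the first request and an indefinite idle
    # timeout keeps the entry alive until that lifetime expires.
    table add -subtable "pre-block" $ip 0 indefinite $static::rl_window
    set count [table incr -subtable "pre-block" $ip]

    if { $count > $static::rl_max } {
        # Over the limit: move the IP to the 'block' subtable for 30 minutes
        # and drop its counter so a fresh window starts once the block lifts.
        table set -subtable "block" $ip 1 indefinite $static::rl_block
        table delete -subtable "pre-block" $ip
        log local0. "rate limit exceeded ($count requests) - blocking $ip for $static::rl_block s"
        reject
        return
    }

    # Under the limit: fall through to normal processing (pool selection etc.)
}
```

The limit check is `count > rl_max`, so the 50th request in a window is still served and the 51st triggers the block, matching "more than 50 times". Because the window is fixed rather than sliding, a client that sends 50 requests at the end of one window and 50 at the start of the next is not blocked; if that matters, shorten `rl_window` or compare against a lower threshold.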