lstewart_53611
Apr 21, 2010 | Nimbostratus
Limiting number of connected clients
I am trying to write a rule to limit the number of individual clients that can connect to a VS, but not limit the total number of connections that they can have. After that limit has been reached, additional attempted connections should be dropped. So say 1000 clients (individual IPs) connect, any requests from additional clients are rejected, while any requests from already-connected clients are fine.
I think I might need to get some persistence in on the action, but I'm not sure if that's the best way to go about it. I think what I have here will actually limit the number of total connections rather than the number of clients:
when RULE_INIT {
    # Global counter of open connections (not distinct clients)
    set ::connectedclients 0
}
when CLIENT_ACCEPTED {
    set client_ip [IP::remote_addr]
    if { [info exists ::connectedclients] } {
        # Reject once 1000 connections are already open
        if { $::connectedclients >= 1000 } {
            reject
            return
        } else {
            incr ::connectedclients
        }
    } else {
        # Counter was unset by CLIENT_CLOSED; start again at 1
        set ::connectedclients 1
    }
}
when CLIENT_CLOSED {
    if { [info exists ::connectedclients] } {
        incr ::connectedclients -1
        if { $::connectedclients <= 0 } {
            unset ::connectedclients
        }
    }
}
The client_ip variable is unused above, though it needs to be used. I don't want to try to keep a list of 1000 IPs to check through, obviously. Any ideas? I thought of setting IP persistence and limiting the total to 1000 in that fashion, but there's no real way for me to decrement the connected users in that way. However, I can abandon that portion and only allow 1000 clients to connect in a certain time period.
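
One way to count distinct client IPs instead of connections, shown as an added example that is not part of the original post: each IP gets an open-connection count in a session subtable, and a new IP is admitted only while the subtable holds fewer than 1000 keys. It assumes a BIG-IP version that provides the `table` command; the subtable name `clients` and the `counted` flag are hypothetical names chosen for this sketch.

```tcl
when CLIENT_ACCEPTED {
    # "clients" is an assumed subtable name: key = client IP,
    # value = number of connections that IP currently has open.
    set client_ip [IP::remote_addr]
    set counted 0

    # Already-known client: always admitted, just bump its count.
    if { [table lookup -subtable clients $client_ip] ne "" } {
        table incr -subtable clients $client_ip
        set counted 1
        return
    }

    # New client: admit only while fewer than 1000 distinct IPs are present.
    if { [table keys -subtable clients -count] >= 1000 } {
        reject
        return
    }

    # First connection from this IP. No timeout, so the entry lives
    # until the last connection from the IP closes.
    table set -subtable clients $client_ip 1 indefinite indefinite
    set counted 1
}

when CLIENT_CLOSED {
    # Only undo what this connection added; rejected connections
    # never touched the subtable.
    if { [info exists counted] && $counted } {
        if { [table incr -subtable clients $client_ip -1] <= 0 } {
            # Last connection from this IP is gone: free its slot.
            table delete -subtable clients $client_ip
        }
    }
}
```

The lookup, count and insert are separate table operations rather than one atomic step, so simultaneous first connections can briefly push the number of admitted clients past the limit. Because entries never expire, a slot is released only when the close event runs for the last connection from that IP.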