Your best bet is i-Rule 1.
Her is a version of i-Rule 1 that throttles all requests:
This is a complete rewrite that is CMP-friendly, see older TMOS v9 code below.
Request Throttling
This I-Rule allows only "maxRate" HTTP requests within "windowSecs" interval.
This version defaults to limiting POSTs. If you need to limit GETs and/or POSTs
See notes below.
It is possible to limit on a user basis. See notes below.
CMP compatible: Yes
This rule requires:
A default pool so that the session table can be used
05/20/2010, Irule revised to use CMP compatible commands.
- "static" is added to global variable names.
- arrays replaced with subtables.
This rule developed on:
TMOS v10.1.0 build 3341.0
LTM
when RULE_INIT {
set static::maxRate 5
set static::windowSecs 2
set static::timeout 30
}
when HTTP_REQUEST {
This I-Rule limits "POST" requests, if you want to limit GETs instead, replace
"POST" with "GET" in if statement below.
If you want to limit all types or requests, remove this "if" statement below as well as its
Corresponding curly bracket '\}' on or around line 67 clearly maked with a comment.
set myUserID "user"
set currentTime [clock seconds]
set windowStart [expr {$currentTime - $static::windowSecs}]
set postCount 0
PH stands for posthistory, a term from the original irule.
log -noname local0. "Table Keys [table keys -subtable 'PH:${myUserID}.${AES_key}']"
foreach { requestTime } [table keys -subtable "PH:${myUserID}"] {
count POSTs with start time > $windowStart, delete the rest
if { $requestTime > $windowStart } {
incr postCount 1
} else {
table delete -subtable "PH:${myUserID}" $requestTime
}
}
if { $postCount < $static::maxRate } {
add new record to array w/myUserID.rand + currentTime
set requestID "PH:${myUserID}"
table set -subtable $requestID $currentTime "ignored" $static::timeout
} else {
log -noname local0. "POST Rejected: current postCount for ${myUserID}: $postCount"
HTTP::respond 501 content "Request blockedExceeded requests/sec limit."
return
}
}
Nimbostratus
