Forum Discussion

Nicky_Lo_70982's avatar
Nicky_Lo_70982
Icon for Nimbostratus rankNimbostratus
Oct 10, 2005

Limit client HTTP connections in certain period

Hi all,

 

 

I would like to limit the nummber of HTTP connections from same IP address. I found that some posts have talk about the similar stuff e.g. http://devcentral.f5.com/default.aspx?tabid=28&forumid=5&postid=1674&view=topic, but all are about the concurrent connections. As HTTP connection won't last very long time, limit TCP connections by concurrent connection doesn't work for my case.

 

 

Anyone can give me some advices on limiting HTTP connections in certain period? Is it possible to use Session? Since I am new in iRules, please show me some example. Thx.

 

 

Best Regards,

 

Nicky
application delivery
dev
devops
iRules

5 Replies

Sort By
  • unRuleY_95363's avatar
    unRuleY_95363
    Historic F5 Account
    Oct 11, 2005
    You would need to use the "clock" command which isn't properly supported until 9.2.

     

     

    Basically, you would want to store the time of the connection in the session table (probably with a count) and then check that time when another connection comes in. You could then impose a number connections per time period restriction. You can certainly prototype this, but please wait for 9.2 before putting the "clock" command into production as it's impact has not been determined and it is not supported.

     

  • Nicky_Lo_70982's avatar
    Nicky_Lo_70982
    Icon for Nimbostratus rankNimbostratus
    Oct 24, 2005
    Hi unRuleY,

     

     

    I have upgraded the OS to v9.2. Could you show me some examples on using "clock" command to limit the number of HTTP connections in certain period?

     

     

    Thanks & Regards,

     

    Nicky
  • JRahm's avatar
    JRahm
    Icon for Admin rankAdmin
    Oct 24, 2005
    Is that total connections or concurrent connections that you are wanting to allow in a particular timeframe?
  • Nicky_Lo_70982's avatar
    Nicky_Lo_70982
    Icon for Nimbostratus rankNimbostratus
    Oct 25, 2005
    Hi citizen_elah,

     

     

    I would like to limit the total nummber of HTTP connections from a single IP address in a particular timeframe.

     

     

    Thanks,

     

    Nicky
  • JRahm's avatar
    JRahm
    Icon for Admin rankAdmin
    Oct 27, 2005
    Take a look at these posts, and shoot back with any questions you might have

     

     

     

    http://devcentral.f5.com/default.aspx?tabid=28&forumid=5&postid=1990&view=topic

     

    http://devcentral.f5.com/Default.aspx?tabid=28&view=topic&forumid=5&postid=2169