Throttling iRule for webapplications

Question

Hi, does anyone have an iRule suitable to throttle connections to a set of URI's (webapplications)?
&nbsp;The problem we are trying to solve is the intentional (or unintentional in the case of the aggressive webcrawler) Denial of Service (DoS)'ing of these webapps which each have their own rate limits (before their database connections are all used up and their back up the apache threads and everything  on the shared infrastructure comes to a grinding halt)&nbsp;
&nbsp;So a variation of this iRule:
&nbsp;http://devcentral.f5.com/Wiki/default.aspx/iRules/RateLimit_HTTPRequest.html
&nbsp;is what I am looking for.&nbsp;
&nbsp;With a set of URI's mapped to their rate limits.
&nbsp;When the max number of connections is reached the Max+1 th request gets the "Service Unavailable" message&nbsp;
&nbsp;Assume these webapps are all publicly available (by design and necessity)&nbsp;
&nbsp;Thought I'd check before attempting to code my own&nbsp;
&nbsp;thanks,
&nbsp;Fletcher.

joe_pruitt · Answer

Hi Fletcher,&nbsp;
&nbsp;There aren't any that I know of that do exactly this, but the one you referenced shouldn't be that far off so you'll have something to start with.&nbsp;
&nbsp;If you come up with one, please post it back here to either the forums or the CodeShare as I'm sure others would benefit from your work!  Or better yet ..., build it with the iRule Editor and share it that way!&nbsp;
&nbsp;-Joe

fletcher_cocquy · Answer

I found an apache module that will do exactly what I need with one directive:&nbsp;
&nbsp;http://dominia.org/djao/limitipconn2.html&nbsp;
&nbsp;thanks,
&nbsp;F&nbsp;
&nbsp;PS: I like the iRule editor - suggestion: can you add a Subversion module so we can check in changes directly to revision control?&nbsp;

joe_pruitt · Answer

Not sure if the editor will include subversion support as I'd like to limit the amount of external code dependencies.  But, you can use the export feature to export the rules to a local folder.  Then use TortoiseSVN on that folder to link it to a source repository.  The Editor even has an option to open the local iRule archive folder for you and then you can check-in your rules as you wish.&nbsp;
&nbsp;-Joe

Forum Discussion

Throttling iRule for webapplications

3 Replies

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

iRule for bandwidth throttling per client IP

iRULE regsub error

owa iapp assign irule

Irule Trigger two times

iRule assistance for subfolder redirect