Forum Discussion

alvaro_martinez
Mar 09, 2007

Use rule Limit Connections From Client

Hi all,

I'm trying to configure a rule in the bigip config file, but I can't get it to work correctly.

I have the following configuration, but when I try to connect to the virtual server from a white list server, the virtual server can't answer.

How do I make it use test-pool?

Virtual description

virtual vs_xxxxxxxx_9000 {
    destination xxxxxx:9000
    ip protocol tcp
    rule load_limit
}

Rule configuration

rule load_limit {
    when RULE_INIT {
        array set ::active_clients { }
        array set white_client {
            1.1.1.1
            1.1.1.2
        }
    }

    when CLIENT_ACCEPTED {
        set client_ip [IP::remote_addr]
        if { [info exists ::active_clients($client_ip)] && ![info exist ::white_client($client_ip)] } {
            if {$::active_clients($client_ip) > 10 } {
                reject
                log local0. "Reject IP $client_ip ($::active_clients($client_ip))"
                return
            } else {
                incr ::active_clients($client_ip)
            }
        } else {
            set ::active_clients($client_ip) 1
            pool test-pool
        }
    }

    when CLIENT_CLOSED {
        set client_ip [IP::remote_addr]
        if { [info exists ::active_clients($client_ip)] && ![info exist ::white_client($client_ip)] } {
            incr ::active_clients($client_ip) -1
            if { $::active_clients($client_ip) <= 0 } {
                unset ::active_clients($client_ip)
            }
        }
    }
}

Regards

3 Replies

  • It's better to use the iRule text field in the GUI, and then you can select it for the virtual server xxxxx:9000
  • Hi,

    It looks good...

    Could you try to add some logging information and show us what you have for a white IP?

    Example:

    when RULE_INIT {
        array set ::active_clients { }
        array set white_client {
            1.1.1.1
            1.1.1.2
        }
    }

    when CLIENT_ACCEPTED {
        set client_ip [IP::remote_addr]
        if { [info exists ::active_clients($client_ip)] && ![info exist ::white_client($client_ip)] } {
            log local0. "not an active connection or not a white IP"
            if {$::active_clients($client_ip) > 10 } {
                reject
                log local0. "Reject IP $client_ip ($::active_clients($client_ip))"
                return
            } else {
                log local0. "increase active clients"
                incr ::active_clients($client_ip)
            }
        } else {
            log local0. "new active client or White IP"
            set ::active_clients($client_ip) 1
            pool test-pool
        }
    }

    when CLIENT_CLOSED {
        set client_ip [IP::remote_addr]
        if { [info exists ::active_clients($client_ip)] && ![info exist ::white_client($client_ip)] } {
            log local0. "Closing connection, updating array"
            incr ::active_clients($client_ip) -1
            if { $::active_clients($client_ip) <= 0 } {
                unset ::active_clients($client_ip)
            }
        }
    }

    What is your BIGIP version? If you are on a v9.4.X version, you sometimes need to remove the binary file after updating the config files.

    It may be better to work through the GUI, as cmbhatt advised.

    HTH
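
Added example, not part of the thread and not F5's code: one way to restructure the posted rule so that whitelisted clients and repeat connections from the same address both reach test-pool. It keeps the thread's global-array style; `::max_conns` and the per-connection flag `counted` are hypothetical names, the limit of 10 concurrent connections per client is an assumed reading of the original threshold, and the virtual server is assumed to have no default pool, as in the posted configuration.

```tcl
when RULE_INIT {
    # Concurrent-connection counters, keyed by client IP.
    array set ::active_clients { }
    # array set consumes key/value pairs, so every whitelisted address
    # needs a value; the :: prefix matches the name tested below.
    array set ::white_client {
        1.1.1.1 1
        1.1.1.2 1
    }
    # Assumed per-client limit (hypothetical variable name).
    set ::max_conns 10
}

when CLIENT_ACCEPTED {
    set client_ip [IP::remote_addr]
    if { ![info exists ::white_client($client_ip)] } {
        if { ![info exists ::active_clients($client_ip)] } {
            set ::active_clients($client_ip) 0
        }
        if { $::active_clients($client_ip) >= $::max_conns } {
            log local0. "Reject IP $client_ip ($::active_clients($client_ip))"
            reject
            return
        }
        incr ::active_clients($client_ip)
        # Connection-local flag: only counted connections are decremented,
        # so rejected and whitelisted connections never skew the counter.
        set counted 1
    }
    # Reached by whitelisted clients and by every admitted connection,
    # not only the first one from an address.
    pool test-pool
}

when CLIENT_CLOSED {
    if { [info exists counted] && [info exists ::active_clients($client_ip)] } {
        incr ::active_clients($client_ip) -1
        if { $::active_clients($client_ip) <= 0 } {
            unset ::active_clients($client_ip)
        }
    }
}
```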