HTTP limit does not reduce sessions

Question

Hi, i used the HTTP session limit on my web, but i can't figure why the total connection of the hhtp does not reduce, but only increased and after few minutes the site can not serve, and i have to remove the irule ?&nbsp;
&nbsp;rule HTTP_session_limit {
&nbsp;  when RULE_INIT {
&nbsp;   set ::total_active_clients 0
&nbsp;   set ::max_active_clients 100
&nbsp;   log local0. "rule session_limit initialized: total/max: $::total_active_clients/$::max_active_clients"
&nbsp;  }
&nbsp;  when HTTP_REQUEST {
&nbsp;   ; test cookie presence
&nbsp;   if {[HTTP::cookie exists "ClientID"]} {
&nbsp;     set need_cookie 0
&nbsp;     set client_id [HTTP::cookie "ClientID"]
&nbsp;     ; if cookie not present &amp; connection limit not reached, set up client_id
&nbsp;   } else {
&nbsp;     if {$::total_active_clients &lt; $::max_active_clients} {
&nbsp;       set need_cookie 1
&nbsp;       set client_id [format "%08d" [expr { int(100000000 * rand()) }]]
&nbsp;       incr ::total_active_clients
&nbsp;       ; otherwise redirect
&nbsp;     } else {
&nbsp;       HTTP::redirect "http://sorry.domain.com/"
&nbsp;       return
&nbsp;     }
&nbsp;   }
&nbsp;  }
&nbsp;  when HTTP_RESPONSE {
&nbsp;   ; insert cookie if needed
&nbsp;   if {$need_cookie == 1} {
&nbsp;     HTTP::cookie insert name "ClientID" value $client_id
&nbsp;   }
&nbsp;  }
&nbsp;  when CLIENT_CLOSED {
&nbsp;   ; decrement current connection counter for this client_id
&nbsp;   if {$::total_active_clients &gt; 0} {
&nbsp;     incr ::total_active_clients -1
&nbsp;   }
&nbsp;  }
&nbsp; }&nbsp;

david_horton_20 · Answer

Hi&nbsp;
&nbsp;I have also had a few problems with this rule (strangely I was having the opposite problem) and have found it more reliable to increment and decrement the total_active_clients using the "when CLIENT_ACCEPTED" and "when CLIENT_CLOSED" events. &nbsp;
&nbsp;Hope that helps, I did get end up with a rule that works pretty well eventually.&nbsp;
&nbsp;Dave

mlick2 · Answer

What actually triggers the CLIENT_CLOSED event?  I am using this same iRule and I am seeing that within 5 - 20 seconds of the HTTP_REQUEST, the CLIENT_CLOSED event is triggered and my user count is decremented by 1.  Therefore I am not keeping an accurate count of how many active sessions there are because my count is back down to 0 and  within a few seconds another round of users are allowed to get a cookie and pass through.

david_horton_20 · Answer

I encountered exactly the same problem, I not sure what triggers the event myself, it does seem to vary according to serveral factors (client browser, traffic level, etc.).  I got around it by using CLIENT_ACCEPTED to increment and CLIENT_CLOSED to decrement, this is not 100% reliable but is good enough, I just reset my count every so often (couple of times a month) using the count in the statistics page to keep it accurate.

Forum Discussion

HTTP limit does not reduce sessions

3 Replies

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

Related Content

Reduce Login Friction with F5 Distributed Cloud Authentication Intelligence

HTTP Session Limit

Session Limiting

HTTP session limit

SSL Orchestrator Advanced Use Cases: Reducing Complexity