Per-IP rate limiting for non-matching IPs

Question

I wrote an iRule that 403'ed any requesting IPs that did NOT match a class of IPs. 
rule filter_clients_rule {
when HTTP_REQUEST {
  if { [matchclass [IP::client_addr] equals $::MySelfDefined_Network_class] } {
   pool regular-site-pool
  }
  else {
   HTTP::respond 403
  }
}
}

How would one write a similar rule for ASM to simply throttle those non-matching IPs?

stewart · Answer

You could do something like this assuming your default pool is "regular-site-pool" and you'd need to create the rate class "non-matching-IPs as well:
rule filter_clients_rule { when HTTP_REQUEST { if { [matchclass [IP::client_addr] not $::MySelfDefined_Network_class] } { rateclass non-matching-IPs } } } 
` 
This isn't using ASM though.

Forum Discussion

Per-IP rate limiting for non-matching IPs

1 Reply

Recent Discussions

Pricing when used with aws waf

F5 Rseries R2600 Tenant sizing

iRule help masking IBM host URL/URI

Need advise to setup a policy on F5

Advise on setting up IRULE

Related Content

F5 BIG-IP per application Red Hat OpenShift cluster migrations

F5 BIG-IP deployment with OpenShift - per-application 2-tier deployments

BIG IP DNS - Queries Per Second

Introduction to F5 Distributed Cloud Console Rate Limiting Feature

Rate limiting per IP and URI