NimbostratusiRule time window - How to tell position within a window?
Hello, I have an iRule for rate-limiting signin attempts that uses a subtable for per-IP tracking. The rule limits unique source IP's to "maxRate" signin attempts within a "windowSecs" timeframe. While the rule works fine it may run up against a memory problem after long-term use. On suggestion from F5 support, I'm wanting to put in lines to delete the subtable to prevent the possible memory issue. This needs to be done when "windowSecs" expires, deleting it prior would negate the purpose of the rule.
when RULE_INIT {
set static::maxRate 15
set static::windowSecs 60
}
The main logic for the rule is:
if { $get_count < $static::maxRate } {
incr get_count 1
table set -subtable $clientip_limitervar $get_count $clientip_limitervar indefinite $static::windowSecs
} else {
log local0.notice "Sign-in rate-limiter triggered by True-Client-IP $client_id - count of $get_count from subtable $clientip_limitervar"
drop
return
}
i.e. I'm wanting to do something like the following:
if (windowTics >= $static::windowSecs) {
table delete -subtable $clientip_limitervar $get_count $clientip_limitervar
}
where "windowTics" is the number of seconds elapsed within the "windowSecs" window. Could someone please advise on how I can get the value of "windowTics"? Trying to keep this brief, will post the entire iRule if needed.
Thanks, -jay
