Forum Discussion

SanjayP
Dec 13, 2013

iRule to allow only POST method

I'm using an iRule from the wiki page where I need to throttle HTTP requests and also need to allow only POST requests; others should be dropped. Throttling works great, but I'm having an issue with dropping other HTTP methods. I also have a requirement where F5 should return a failure response with a randomized 'retry-after' value. Please help.

The iRule used is below:

    when RULE_INIT {
        set static::maxRate 10
        set static::windowSecs 3
        set static::timeout 30
    }
    when HTTP_REQUEST {
        set method [HTTP::method]
        log local0. "http request is of $method"
        if { $method eq "POST" } {
            return
            set postCount [table key -count -subtable [IP::client_addr]]
            log local0. "postCount=$postCount"
            if { $postCount < $static::maxRate } {
                incr postCount 1
                table set -subtable [IP::client_addr] $postCount "ignore" $static::timeout $static::windowSecs
                log local0. "This user $user has exceeded the number of requests allowed."
                HTTP::respond 501 content "Request blockedExceeded requests/sec limit."
            } else {
                drop
            }
        }
    }

2 Replies

  • Try this;

    when RULE_INIT {
        # Allow at most maxRate POSTs per client IP within windowSecs seconds
        set static::maxRate 10
        set static::windowSecs 3
        set static::timeout 30
    }
    when HTTP_REQUEST {
        set method [HTTP::method]
        log local0. "http request is of $method"
        if { $method eq "POST" } {
            # Count the entries currently held in this client's subtable
            set postCount [table keys -count -subtable [IP::client_addr]]
            log local0. "postCount=$postCount"
            if { $postCount < $static::maxRate } {
                incr postCount 1
                # Record this request under a random key; the entry's lifetime is windowSecs
                table set -subtable [IP::client_addr] [expr {int(rand() * 10000)}] "ignore" $static::timeout $static::windowSecs
                return
            } else {
                # $user was never set in this rule, so log the client address instead
                log local0. "This user [IP::client_addr] has exceeded the number of requests allowed."
                # Reject and send a Retry-After header with a random value from 0 to 99
                HTTP::respond 501 noserver content "Request blockedExceeded requests/sec limit." Retry-After [expr {int(rand() * 100)}]
                return
            }
        } else {
            # Method not allowed
            HTTP::respond 405 noserver
            return
        }
    }
    
  • Many thanks IheartF5. Can you please do 1 last favor and explain part

      HTTP::respond 501 noserver content "Request blockedExceeded requests/sec limit." \
          Retry-After [expr {int(rand() * 100)}]
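
An added example, not part of the thread and not F5 code: a plain Tcl model (runnable in `tclsh`) of the logic in the reply's iRule, showing which requests get 405, which pass, and what the `Retry-After` expression yields. The array standing in for the session table, the proc names, the 200 "passed" status and the client address are all assumptions made for this sketch.

```tcl
# Added model of the reply's iRule logic for plain tclsh; names are hypothetical.
set maxRate 10          ;# POSTs allowed per client per window (static::maxRate)
set windowSecs 3        ;# entry lifetime in seconds (static::windowSecs)
array set subtable {}   ;# "client,key" -> expiry time; stands in for the session table

# Count unexpired entries for a client, like: table keys -count -subtable <ip>
proc live_count {client now} {
    global subtable
    set n 0
    foreach name [array names subtable "$client,*"] {
        if {$subtable($name) <= $now} { unset subtable($name) } else { incr n }
    }
    return $n
}

# Returns {status retry_after}; status 200 here means "passed on to the pool".
proc handle_request {method client now} {
    global subtable maxRate windowSecs
    # Anything other than POST is refused outright
    if {$method ne "POST"} { return [list 405 ""] }
    if {[live_count $client $now] < $maxRate} {
        # Random key in 0..9999, as in the reply. Two requests that draw the
        # same key overwrite one entry, so the count can run slightly low.
        set key [expr {int(rand() * 10000)}]
        set subtable($client,$key) [expr {$now + $windowSecs}]
        return [list 200 ""]
    }
    # rand() is in [0,1), so this is a whole number of seconds from 0 to 99,
    # drawn fresh for every rejected request
    return [list 501 [expr {int(rand() * 100)}]]
}

# Constructed traffic: 12 POSTs at t=0, one GET, then a POST after the window
for {set i 1} {$i <= 12} {incr i} {
    puts "t=0 POST #$i -> [handle_request POST 192.0.2.10 0]"
}
puts "t=0 GET -> [handle_request GET 192.0.2.10 0]"
puts "t=4 POST -> [handle_request POST 192.0.2.10 4]"
```

Because each rejected client receives a different `Retry-After` value, well-behaved clients come back at different times instead of all at once.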