Forum Discussion

orange_team's avatar
orange_team
Icon for Nimbostratus rankNimbostratus
Dec 11, 2018

Limit sessions on VS with courtesy page

Hi, i'm new in iRule developing and also a beginner in programming at all, I'm a sys-admin :-\

 

I need to implement an iRule that, when needed, could be applied on VS in front of login page. We need to temporarily limit access on it. I cannot demand access restriction to the application or to web servers. This rule should limit the access to /login.aspx URI.

 

I tried some solution provided in these pages but i cannot find one good for me.

 

specifications:

 

  • connection limit should be defined in a datagroup.

     

  • limit could be related to total HTTP active connections or rate (conns/sec).

     

  • the user that exceeded the limit have to received a redirect to a sorry page.

     

  • users behind single IP could be all allowed, i do not necessary care about it.

     

I hope someone could help me, regards

 

application delivery
iRules
LTM

2 Replies

Sort By
  • orange_team's avatar
    orange_team
    Icon for Nimbostratus rankNimbostratus
    Dec 11, 2018

    I know i could use conns limitation embedded in VS configuration but using it the user experience that reach limit is not good so i need to develop an iRule

     

    thanks

     

  • jurgenvdmark_14's avatar
    jurgenvdmark_14
    Icon for Nimbostratus rankNimbostratus
    Dec 11, 2018

    you can use tables to count the amount of attempts within a given time frame. Set the timeframe to 1s for conn/s. (https://devcentral.f5.com/wiki/iRules.table.ashx)

     

    with the table incr command you can easily increase the counter for every request to /login.aspx

     

    You need to use the -notouch option to not update the timestamp when you increase the counter.

     

    When you reach the limit you can redirect to a sorry page with HTTP::redirect command

     

    Hope this helps