Misty_Spillers
Mar 04, 2016Nimbostratus
Please help me rewrite an iRule from Ver 9 to version 11.6 (How to detect excessive connections)
I used to use this rule (which I grabbed from here) on version 9 to detect and alert on IP addresses making excessive connection to VIPs. I was wondering if anyone could help me optimize it for version 11.6. I would like the "whitelist" to be a data group if possible.
Or if you have any other suggestions how to accomplish this without ASM (working on getting it) please let me know.
Thank you very much.
Misty
Code
when RULE_INIT {
array set ::active_clients { }
array set white_client {
x.x.x.x
x.x.x.x
}
}
when CLIENT_ACCEPTED {
set client_ip [IP::remote_addr]
if { [info exists ::active_clients($client_ip)] && ![info exist ::white_client($client_ip)] } {
if {$::active_clients($client_ip) > 50 } {
incr ::active_clients($client_ip)
log "Alert! $::active_clients($client_ip) connections to mysite.com from $client_ip"
return
} else {
incr ::active_clients($client_ip)
}
} else {
set ::active_clients($client_ip) 1
}
}
when CLIENT_CLOSED {
set client_ip [IP::remote_addr]
if { [info exists ::active_clients($client_ip)] && ![info exist ::white_client($client_ip)] } {
incr ::active_clients($client_ip) -1
if { $::active_clients($client_ip) <= 0 } {
unset ::active_clients($client_ip)
}
}
}