devnullNZ
Jun 25, 2014

Bit shifting in exponential backoff rule - bug?

Been looking at using a modified version of this to mitigate brute force login attempts on a site:

https://devcentral.f5.com/wiki/iRules.POST-Request-Exponential-Backoff.ashx

But looking at the formula, there seems to be an error.

if { $prev_attempts eq "" } { set prev_attempts 0 }

OK, so this says if the variable is uninitialized, we set it to zero.

set new_lockout [expr (1 << ($prev_attempts-1))]

But this has the potential of putting a -1 on the right-hand side, which makes it undefined. Checking it in tclsh seems to confirm that the result of the expression will be invalid:

% expr 1 << (0-1)
-2147483648
% exit

So my question is, shouldn't the $prev_attempts variable be initialized to "1", not "0"?
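
One way to guard the shift count before computing the lockout, as an added example that is not part of the original post or the referenced iRule. The proc name `lockout_seconds`, the `max_lockout` cap of 3600 seconds and the upper clamp of 30 on the shift count are assumptions chosen for illustration; it runs in plain tclsh.

```tcl
# Added example (not the referenced iRule's code).
# lockout_seconds, max_lockout and the clamp values are hypothetical.

# Compute a doubling lockout from the stored attempt counter while keeping
# the shift count inside a range where "1 << n" is well defined.
proc lockout_seconds {prev_attempts {max_lockout 3600}} {
    # An empty, missing or non-numeric counter is treated as zero attempts.
    if {![string is integer -strict $prev_attempts]} {
        set prev_attempts 0
    }

    # Same exponent as the expression quoted in the post.
    set shift [expr {$prev_attempts - 1}]

    # Lower clamp: never pass a negative count to the shift operator.
    if {$shift < 0} {
        set shift 0
    }

    # Upper clamp: stay below the sign bit of a 32-bit integer so a large
    # counter cannot wrap the result to zero or a negative value.
    if {$shift > 30} {
        set shift 30
    }

    set lockout [expr {1 << $shift}]

    # Cap the lockout so a long run of failures cannot lock an account
    # out for an unbounded time.
    if {$lockout > $max_lockout} {
        set lockout $max_lockout
    }
    return $lockout
}

# Constructed sample counters, including the uninitialized ("") case.
foreach n {"" 0 1 2 3 10 31 64} {
    puts "prev_attempts='$n' lockout=[lockout_seconds $n]"
}
```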

 
