WirelessPhreak.com

travel, science, technology, and all other geeky things

I came across an iRule that identifies multiple connection attempts from a single IP address and throttles its connections. Because it is an iRule, you can fully configure the connection limit, the timeout, and even the message your F5 sends back to the user.


when RULE_INIT {
    # Maximum requests allowed per client IP during the interval set below.
    set static::maxRate 125
    # Lifetime of the subtable record in seconds. This is the interval during which
    # requests are tallied. Example: maxRate=10 and timeout=3 allows 10 requests in 3 seconds.
    # Note: avoid very long timeouts; they increase memory use, especially under high load.
    # Note: a rate of 100 in 50 seconds averages the same as 2 requests in 1 second, but a
    # 1 second window is much easier on memory because records expire sooner and the table stays small.
    set static::timeout 3
}
when HTTP_REQUEST {
    # -notouch reads the count without refreshing the record's idle timeout
    set getCount [table lookup -notouch -subtable requests [IP::client_addr]]
    if { $getCount equals "" } {
        # First request from this client: create the record with timeout and lifetime
        # both set to $static::timeout, so it expires that many seconds from now.
        # log local0. "New one:  getCount=$getCount [IP::client_addr] [clock seconds]"
        table set -subtable requests [IP::client_addr] "1" $static::timeout $static::timeout
    } else {
        if { $getCount < $static::maxRate } {
            table incr -notouch -subtable requests [IP::client_addr]
        } else {
            if { $getCount == $static::maxRate } {
                # Logged once per window; the extra incr moves the count past maxRate
                log local0. "User @ [IP::client_addr] [clock seconds] has reached $getCount requests in $static::timeout seconds."
                table incr -notouch -subtable requests [IP::client_addr]
            }
            HTTP::respond 501 content "We apologize but your request/sec limit has exceeded the set threshold.  Please wait 30 seconds and refresh the page."
            #drop
            #return
        }
    }
}
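To check the throttle logic before putting it on a BIG-IP, here is an added Python model of the iRule's per-IP tally (example code written for this post, not F5's or the original iRule author's). It assumes the table semantics the iRule relies on: the record is created with timeout and lifetime both equal to the window and is only ever read or incremented with -notouch, so it expires a fixed number of seconds after the client's first request. The client addresses and timestamps in the sample are constructed.

```python
MAX_RATE = 125   # static::maxRate in the iRule
WINDOW = 3       # static::timeout in the iRule, in seconds


class RequestThrottle:
    """Per-IP tally with the same record semantics as the iRule's subtable."""
    def __init__(self, max_rate=MAX_RATE, window=WINDOW):
        self.max_rate = max_rate
        self.window = window
        self.table = {}   # client_ip -> [count, expiry_time]
        self.log = []     # lines the iRule would write to local0

    def _lookup(self, ip, now):
        # table lookup -notouch: the count, or None if absent or expired
        rec = self.table.get(ip)
        if rec is None or now >= rec[1]:
            self.table.pop(ip, None)
            return None
        return rec[0]

    def handle(self, ip, now):
        """Return 'allow' or 'block', mirroring the HTTP_REQUEST branches."""
        count = self._lookup(ip, now)
        if count is None:
            # table set ... $static::timeout $static::timeout: a fresh window
            # whose expiry is fixed at creation because later reads use -notouch
            self.table[ip] = [1, now + self.window]
            return "allow"
        if count < self.max_rate:
            self.table[ip][0] += 1   # table incr -notouch
            return "allow"
        if count == self.max_rate:
            # logged once per window; the extra incr moves count past maxRate
            self.log.append(f"User @ {ip} {now} has reached {count} requests "
                            f"in {self.window} seconds.")
            self.table[ip][0] += 1
        return "block"   # HTTP::respond 501 ... in the iRule


def simulate(requests, max_rate=10, window=3):
    """requests: list of (timestamp, client_ip). Returns (decisions, log)."""
    throttle = RequestThrottle(max_rate, window)
    return [throttle.handle(ip, t) for t, ip in requests], throttle.log


if __name__ == "__main__":
    # Constructed sample: 12 hits in about 1 s from one client, one more after the window
    sample = [(0.1 * i, "192.0.2.10") for i in range(12)] + [(3.5, "192.0.2.10")]
    print(simulate(sample))
```

With maxRate=10 the model shows exactly 10 requests allowed per window, the 11th logged and blocked, later ones blocked silently, and the client admitted again once the record has expired.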

An update is coming soon: a more advanced iRule that accounts for RFC 1918 IP space and uses data groups to allow multiple GeoIP country codes.

This iRule will allow you to block requests to your website from IP addresses that are not in the US. GeoIP blocking is flexible and a way of whitelisting traffic to your servers. It does have its limitations though.

GeoIP databases change all the time. Keeping the F5 GeoIP database up to date wouldn't be practical.

Some may consider this a security measure. But limiting IP traffic to a limited geographic area is not an effective security measure. Real bad guys will proxy or use unwilling victims to carry out their attacks.

when CLIENT_ACCEPTED {
    # whereis queries the BIG-IP GeoIP database; reject any client not located in the US
    if { not ([whereis [IP::client_addr] country] eq "US") } {
        reject
    }
}

The following is a list of Country Codes you can test with.


Whether you think he's a hero or a traitor, Edward Snowden's revelations have generated an important conversation around privacy. Here is his first video from exile, at South by Southwest.


Let us know what you think of Snowden.





Yelp has released their top 100 places to eat in the country, as determined by the Yelp community.

Yelp's data team crunched the data using the Wilson Score to compile a list of highly rated places to eat. The method takes into account many of the same factors the everyday Yelper uses, such as restaurant rating and number of reviews.
Here is a link to Yelp's Blog Post:  http://bit.ly/1el9NJj

Bon Appétit!