F5-在BIGIP上限制连接数的N种方法

cyrus_earth

在BIGIP上限制连接数的N种方法
*************************************
RULE #1
Limit the number of HTTP requests from a single client. Client can only
make 3 HTTP requests per second
over a single HTTP connection. Respond with a 503
*************************************
代码
when HTTP_REQUEST {
set cur_time [clock seconds]
if { [HTTP::request_num] > 1 } {
if { $cur_time == $start_time } {
if { $reqs_sec > 3 } {
HTTP::respond 503 Retry-After 2
}
incr reqs_sec
return
}
}
set start_time $cur_time
set reqs_sec 0
}
****************************************
****************************************
RULE #2
Limit the number of connections from a single client. Tracks clients based
on IP address. They can't have
more than 10 concurrent TCP connections. Excess connections from the
client are rejected
*****************************************
代码
when RULE_INIT {
array set ::active_clients { }
log local0. "phase1"
}
when CLIENT_ACCEPTED {
set client_ip [IP::remote_addr]
if { [info exists ::active_clients($client_ip)] } {
if {$::active_clients($client_ip) > 10 } {
log "Client $client_ip has too many connections"
reject
return
} else {
log local0. "$::active_clients($client_ip)"
incr ::active_clients($client_ip)
}
} else {
set ::active_clients($client_ip) 1
}
}
when CLIENT_CLOSED {
if { [info exists ::active_clients($client_ip)] } {
incr ::active_clients($client_ip) -1
if { $::active_clients($client_ip) = $::max_active_clients } {
HTTP::redirect "http://yoursiteisdown.com/"
return
}
incr ::total_active_clients
set ::active_sessions($client_id) 1
} else {
incr ::active_sessions($client_id)
}
}
}
when HTTP_RESPONSE {
if { $need_cookie } {
HTTP::cookie insert name "ClientID" value $client_id
set need_cookie 0
}
}
when CLIENT_CLOSED {
if { [info exists client_id] and [info exists
::active_sessions($client_id)] } {
incr ::active_sessions($client_id) -1
if { $::active_sessions($client_id) <= 0 } {
unset ::active_sessions($client_id)
incr ::total_active_clients -1
}
}
}
***************************************
第一个Rules，是限定一个客户端发起的一个TCP连接中每秒钟不超过3个HTTP
Request。第二个Rules是限定同一个IP地址，能并发的TCP连接不超过10个。第三个是限定同一个User
ID不能同时保持超过50个并发连接。
               
               
               

本文来自ChinaUnix博客，如果查看原文请点：http://blog.chinaunix.net/u3/108518/showart_2137434.html