Dan Makovec’s blog
Ramblings of a disaffected geek
iRule for throttling clients under F5 BigIP LTM
December 27, 2007 on 12:27 am | In Uncategorized | No Comments

We had a little problem with a DDoS attack this morning on DirectoryAustralia, so I was forced to go down the path of using Apache mod_rewrite to block any access by a given user agent whose identity had been borrowed by a rogue bot. Not pretty, but it got the site back on track.

The problem with this approach is that it still means the requests come in to the load balancers, get assigned a worker node, hit the node, get run through the Apache rewrite checks, then get rejected. It also means more config syncing between multiple servers.

I thought to myself that given we’ve purchased a couple of really pricey F5 Big IP load balancers, surely there would be a way of having them generically throttle connections per IP without having to burden the servers with the effort of doing so? So I dug around a little into the F5 iRule syntax, and hit this page, which presented some nifty solutions that helped. Here’s one derived iRule, based on the third rule listed in the above page, helpfully called Cap_connections_per_IP:
when RULE_INIT {
    # Global array of open connection counts, keyed by client IP
    array set ::active_clients { }
}
when CLIENT_ACCEPTED {
    set client_ip [IP::remote_addr]
    if { [info exists ::active_clients($client_ip)] } {
        if { $::active_clients($client_ip) > 10 } {
            # Over the threshold: drop the connection and log it
            reject
            log local0. "Reject overactive IP $client_ip ($::active_clients($client_ip))"
            return
        } else {
            incr ::active_clients($client_ip)
        }
    } else {
        set ::active_clients($client_ip) 1
    }
}
when CLIENT_CLOSED {
    set client_ip [IP::remote_addr]
    if { [info exists ::active_clients($client_ip)] } {
        incr ::active_clients($client_ip) -1
        # Forget the IP once its last tracked connection has closed
        if { $::active_clients($client_ip) <= 0 } {
            unset ::active_clients($client_ip)
        }
    }
}
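
The accounting in the iRule above, modelled in Python as an added example (not code from the original post or from F5), so the cap can be checked before deployment. The `closed_fires_on_reject` switch is an assumption to verify on your own platform: it models CLIENT_CLOSED also running for a connection that CLIENT_ACCEPTED rejected, in which case the counter drifts and the cap stops holding. The class, function names and sample IP are constructed for the example.

```python
from collections import defaultdict

LIMIT = 10  # threshold from the iRule's "> 10" test


class CapModel:
    """Mirrors the CLIENT_ACCEPTED / CLIENT_CLOSED logic of the iRule."""

    def __init__(self, closed_fires_on_reject):
        # Assumption to verify: does CLIENT_CLOSED also run for a
        # connection that was rejected in CLIENT_ACCEPTED?
        self.closed_fires_on_reject = closed_fires_on_reject
        self.active = {}              # stands in for ::active_clients
        self.real = defaultdict(int)  # connections actually open (ground truth)

    def accept(self, ip):
        """Return True if the connection is admitted, False if rejected."""
        if ip in self.active:
            if self.active[ip] > LIMIT:
                if self.closed_fires_on_reject:
                    self._closed(ip)  # decrement without a matching increment
                return False
            self.active[ip] += 1
        else:
            self.active[ip] = 1
        self.real[ip] += 1
        return True

    def close(self, ip):
        """The client closes one admitted connection."""
        self.real[ip] -= 1
        self._closed(ip)

    def _closed(self, ip):
        if ip in self.active:
            self.active[ip] -= 1
            if self.active[ip] <= 0:
                del self.active[ip]


def flood(model, ip, attempts):
    """Open `attempts` connections, close none; return how many stay open."""
    for _ in range(attempts):
        model.accept(ip)
    return model.real[ip]


if __name__ == "__main__":
    ip = "203.0.113.7"  # constructed sample address (documentation range)
    print("cap holds :", flood(CapModel(False), ip, 50))
    print("cap drifts:", flood(CapModel(True), ip, 50))
```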
Back in Sydney
December 13, 2007 on 11:39 am | In Uncategorized | No Comments

It’s 10.30 at night and I’m up on the 75th floor of World Tower overlooking Hyde Park and Kings Cross all the way across the harbour to Manly.
From up here, this town ain’t so bad. Tonight however I descended my ivory (well, glass really) tower and walked amongst the plebs doing their Christmas shopping in Pitt St Mall and realised why I left. Shitty traffic; pushy, rude people; pollution; crazy prices. Makes me glad to be a Brizzy boy now.
Yes, it was a 45 minute drive the 12km to the airport along the Gateway this morning, compared to 20 minutes to get from Mascot to the Sydney CBD, but given how rarely I use that road these days, it’s a small price to pay.
Virgin also went severely fubar today. They had a major nation-wide systems meltdown. So much so that they had to resort to doing the paperwork using, er, pen and paper! My flight was delayed an hour. Not that I minded, as it gave me time for a hearty breakfast in Brizzy airport. Plus also the equipment that was supposed to have arrived in Sydney for me yesterday hasn’t made it yet (after several promises of various missed deadlines). It’s coming tomorrow apparently - the suppliers promised! I just hope it’s before lunch, so I have enough time to actually install it before hopping back on the flight.
It’s hard to believe that this time last year we were preparing to drive from Sydney to Adelaide for Chrissy. This time we’re staying in Brisbane. Just as well really - we’ve got some serious gardening to do in preparation for a mid year renovation (nice big back deck and verandah going on the house). I just hope the transplanted trees survive the drought.
Speaking of drought, there’s no sign of one down here. Dams are nice and high, and everything’s lush. I think I’ll make the most of it - the jacuzzi in my ensuite awaits.
Night.
Dan’s fitness regime, take 47663.
December 3, 2007 on 11:27 am | In Fitness | 1 Comment

Ouch. It hurts.
It felt so good this morning, back on the weights and cross trainer after a year of blobbing up. Now it’s lunch time and everything aches.
Why do I do this to myself?
At least this gym has a pool.
That’ll be nice on a hot day.