count source IP with x-forwarded-for

Hi
May I count source IPs using the X-Forwarded-For field with aFleX? e.g. if the same source IP connects more than 1000 times in one min or 5 min, then log it to syslog.

I have referred to the "rate-limit-connection-requests" TCL, like below:

when RULE_INIT {
    set ::MAX_REQUESTS 1000
}

when HTTP_REQUEST {
    if { [HTTP::header exists "X-Forwarded-For"] } {
        set IP [getfield [HTTP::header X-Forwarded-For] "," 1]
    } else {
        set IP [IP::client_addr]
    }
    if { [table lookup tmp_request $IP] == "" } {
        table set tmp_request $IP 1
        log "$IP → request counter created"
    }
    set request_count [table incr tmp_request $IP]
    if { $request_count > $::MAX_REQUESTS } {
        log "$IP connection > $::MAX_REQUESTS"
    }
}

But it seems to accumulate IPs in the table and can't count by timers (sec or min). Is there a solution for this? Thanks.

Hi Chen,

Hope this works for you.

when RULE_INIT {
    set ::MAX_REQUESTS 100
    # timelimit in seconds
    set ::TIMELIMIT 60
}

when HTTP_REQUEST {
    if { [HTTP::header exists "X-Forwarded-For"] } {
        set IP [getfield [HTTP::header X-Forwarded-For] "," 1]
    } else {
        set IP [IP::client_addr]
    }
    # Check if there is an entry for the client_addr in the table
    if { [table lookup tmp_table -notouch $IP] != "" } {
        # If the value is less than MAX_REQUESTS, increment it by one
        if { [table lookup tmp_table -notouch $IP] < $::MAX_REQUESTS } {
            log "Number of requests from client = [table lookup tmp_table -notouch $IP]"
            table incr tmp_table -notouch $IP 1
        } else {
            # Log the message when the rate limit is exceeded
            log "Client has exceeded the number of allowed requests of [table lookup tmp_table -notouch $IP]"
        }
    } else {
        # If there is no entry for the client_addr, create a new table entry to track the number of HTTP_REQUESTs.
        # The timeout is set to the TIMELIMIT mentioned.
        log "Table created for $IP"
        table set tmp_table $IP 1 $::TIMELIMIT
    }
}

# The table entry is keyed by client IP; its timeout will be the TIMELIMIT mentioned.
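To show how the answer's counter behaves over the time window, here is an added stand-alone Python model of the same logic (not aFleX code and not from the thread): one entry per source with a fixed lifetime of TIMELIMIT seconds, incremented up to MAX_REQUESTS, with a log line once the limit is exceeded. The request list is constructed sample data, and the addresses in it are documentation ranges.

```python
from dataclasses import dataclass, field

MAX_REQUESTS = 100
TIMELIMIT = 60  # seconds; the entry expires this long after it was created

def source_ip(headers: dict, client_addr: str) -> str:
    """First X-Forwarded-For hop, else the TCP peer (the thread's choice).
    The first hop is written by the client, so it is only a reliable key when
    a proxy you control rewrites or sanitizes the header before this device."""
    xff = headers.get("X-Forwarded-For")
    if xff:
        return xff.split(",")[0].strip()
    return client_addr

@dataclass
class RateTable:
    counts: dict = field(default_factory=dict)   # ip -> (count, expires_at)
    logs: list = field(default_factory=list)

    def hit(self, ip: str, now: float) -> int:
        entry = self.counts.get(ip)
        if entry is None or entry[1] <= now:
            # No entry, or it timed out: behaves like `table set ... $::TIMELIMIT`
            self.counts[ip] = (1, now + TIMELIMIT)
            self.logs.append(f"Table created for {ip}")
            return 1
        count, expires = entry
        if count < MAX_REQUESTS:
            count += 1
            self.counts[ip] = (count, expires)  # -notouch: expiry is not extended
        else:
            self.logs.append(f"Client {ip} has exceeded the number of allowed requests of {count}")
        return count

def run(requests) -> RateTable:
    """requests: iterable of (timestamp_seconds, headers, client_addr)."""
    table = RateTable()
    for ts, headers, client in requests:
        table.hit(source_ip(headers, client), ts)
    return table

# Constructed sample: 101 requests from one forwarded client inside the window,
# then one more after the entry has expired, so a fresh counter is created.
XFF = {"X-Forwarded-For": "203.0.113.7, 10.0.0.2"}
SAMPLE = [(0.5 * i, XFF, "10.0.0.2") for i in range(101)]
SAMPLE.append((TIMELIMIT + 1, XFF, "10.0.0.2"))

if __name__ == "__main__":
    for line in run(SAMPLE).logs:
        print(line)
```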

Hi Avinash,
Thank you very much, this is helpful for me.
Thank you again .

Hi,
I get the error message "aFleX syntax error: line 9: "unknown command "table"" when applying the aFleX to the AX series (it works on the ACOS series). Does the AX series not support the "table" syntax?
Thanks for your support.