dragonflymr
Dec 14, 2015Cirrostratus
iRule - which option is better performance wise
Hi,
I need to reject request when given number of concurrent HTTP session is created (based on session cookie). So above limit I should not accept more requests.
I wonder which way will be less performance hungry. Here is my code:
when CLIENT_ACCEPTED {
log local0. "-"
TCP::collect
set mc "my_cookie"
}
when CLIENT_DATA {
log local0. "-"
if { [set cv [findstr [TCP::payload] ${mc}= 0 " "]] ne "" } {
set val [lindex [split $cv "="] 1]
log local0. "Cookie \"$mc\" found \"$cv\". Value \"$val\""
log local0. "TCP::payload -> [TCP::payload]"
TCP::release
} else {
TCP::release
reject
}
}
I can check if cookie with given name exists in request via TCP::payload and then reject connection in CLIENT_ACCEPTED or I can check cookie existence in HTTP_REQUEST event.
Is TCP:collect/payload overhead justified by being able to reject after 3WHS and not waiting on L7 processing in iRule?
If so are there any issues with this iRule I should correct?
Piotr