Product Documentation

Testing a Rate-Based Policy

Oct 29, 2013

To test a rate-based policy, you can send traffic to any virtual server to which a rate-based policy is bound.

Task overview: Testing a rate-based policy

  1. Configure a stream selector (optional) and a rate limit identifier (required). For example:
     
    add stream selector sel_subnet Q.URL "CLIENT.IP.SRC.SUBNET(24)" 
    add ns limitIdentifier k_subnet -Threshold 4 -timeSlice 3600 -mode REQUEST_RATE  -limittype smooth  -selectorName sel_subnet  -trapsInTimeSlice 8 
    
  2. Configure the action that you want to associate with the policy that uses the rate limit identifier. For example:
     
    add responder action resp_redirect redirect "\"http://response_site.com/\"" 
    
  3. Configure a policy that uses the sys.check_limit expression prefix to call the rate limit identifier. For example, the policy can apply a rate limit identifier to all requests arriving from a particular subnet, as follows:
     
    add responder policy resp_subnet "SYS.CHECK_LIMIT(\"k_subnet\")" resp_redirect 
    
  4. Bind the policy globally or to a virtual server. For example:
     
    bind responder global resp_subnet 6 END -type DEFAULT 
    
  5. In a browser address bar, send a test HTTP query to a virtual server. For example:
     
    http://<IP of a vserver>/testsite/test.txt 
    
  6. At the NetScaler command prompt, type:

    show ns limitSessions <limitIdentifier>

    Example

     
    > sh limitsession k_subnet 
    1)      Time Remaining:       98 secs  Hits: 2                          Action Taken: 0 
            Total Hash:    1718618  Hash String: /test.txt 
            IPs gathered: 
                    1) 10.217.253.0 
            Active Transactions: 0 
     Done 
    > 
    
  7. Repeat the query and check the limit identifier statistics again to verify that the statistics are being updated correctly.