@CloudExpo Authors: Pat Romanski, Zakia Bouachraoui, Elizabeth White, Yeshim Deniz, Liz McMillan

Related Topics: @CloudExpo, Machine Learning

@CloudExpo: Blog Feed Post

20 Lines or Less: Selective SSL, Port Stripping and Headers

The Flexibility and Power of iRules

What could you do with your code in 20 Lines or Less? That's the question I ask (almost) every week for the devcentral community, and every week I go looking to find cool new examples that show just how flexible and powerful iRules can be without getting in over your head.

With the onslaught of work required to get DC5 up and running it’s been a while since I’ve offered some cool iRule goodness to the community from the community.  There have been plenty of examples cruising through the forums, that’s for sure, I just haven’t had the time to comb through all of them or write them up.  Now that I can again see the light of day, allow me to share a some good ones with you.


Disabling SSL to one backend pool

We’ve looked at ways to selectively disable SSL before, but this example had an interesting twist that I thought was…well…interesting.  The idea here is to selectively disable SSL only on the back end of the connection, not the entire thing.  The client should always be encrypted but the server can, in some cases, be plain-text to try and cut down on overhead.  Cool idea, and here’s a look at how to make it work, according to a good example by user Alok.

set my_uri [string tolower [HTTP::uri]]
if { $my_uri starts_with "/secure" } {
pool ssl__pool
} else {
SSL::disable serverside
pool static_pool


Hash persistence based on true-client IP

Here’s a user that’s trying to work around a limitation in the content distribution service they’re using.  They want to use an iRule to perform hash based persistence based on a header supplied giving the client’s IP address.  Hoolio, as is often the case, springs into action and whips up a nifty little example making use of lindex and active_members –list that gets the job done.

# Check if the active_members command returns an entry which can be split on a space into two variables
if {[active_members app_http_pool]}{
if {[scan [lindex [active_members –list app_http_pool] [expr {[md5 $tcip_header] % [active_members app_http_pool]}]] {%s %s} ip port] == 2}{
# Select the pool member IP and port
pool app_http_pool member $ip $port

# Exit from this event in this rule
# Take some default action if the pool is down or scan didn't parse the output?


Removing port numbers from redirects

If you’re looking to strip port locations from your redirects, then boy do I have the rule for you.  Well, it’s not my rule, really, but I get to share more of Aaron’s work with you, which is a regular and enjoyable part of my jobs these days, it seems.  The one man juggernaut has knocked out a quick little header replacement rule using string map and the fun HTTP::is_redirect command to get this job done.

if { [HTTP::is_redirect] } {
if { [HTTP::header Location] contains "www.acme.com:10040" } {
log local0. "Original Location value: [HTTP::header Location]"
HTTP::header replace Location [string map -nocase {www.acme.com:10400 www.acme.com} [HTTP::header value Location]]
when HTTP_RESPONSE priority 501 {
if { [HTTP::is_redirect] } {

# Debug logging only. Remove this event once done testing
log local0. "Updated Location value: [HTTP::header Location]"

Check back next week for some more examples of awesome things you can do with iRules in only a few lines of code.


Read the original blog entry...

More Stories By Colin Walker

Coming from a *Nix Software Engineering background, Colin is no stranger to long hours of coding, testing and deployment. His personal experiences such as on-stage performance and the like have helped to foster the evangelist in him. These days he splits his time between coding, technical writing and evangalism. He can be found on the road to just about anywhere to preach the good word about ADCs, Application Aware networking, Network Side Scripting and geekery in general to anyone that will listen.

Colin currently helps manage and maintain DevCentral (http://devcentral.f5.com). He is also a contributor in many ways, from Articles to Videos to numerous forum posts, to iRules coding and whatever else he can get his hands on that might benefit the community and allow it to continue to grow.

CloudEXPO Stories
Lori MacVittie is a subject matter expert on emerging technology responsible for outbound evangelism across F5's entire product suite. MacVittie has extensive development and technical architecture experience in both high-tech and enterprise organizations, in addition to network and systems administration expertise. Prior to joining F5, MacVittie was an award-winning technology editor at Network Computing Magazine where she evaluated and tested application-focused technologies including app security and encryption-related solutions. She holds a B.S. in Information and Computing Science from the University of Wisconsin at Green Bay, and an M.S. in Computer Science from Nova Southeastern University, and is an O'Reilly author.
CloudEXPO New York 2018, colocated with DevOpsSUMMIT and DXWorldEXPO New York 2018 will be held November 12-13, 2018, in New York City and will bring together Cloud Computing, FinTech and Blockchain, Digital Transformation, Big Data, Internet of Things, DevOps, AI and Machine Learning to one location.
CloudEXPO | DevOpsSUMMIT | DXWorldEXPO are the world's most influential, independent events where Cloud Computing was coined and where technology buyers and vendors meet to experience and discuss the big picture of Digital Transformation and all of the strategies, tactics, and tools they need to realize their goals. Sponsors of DXWorldEXPO | CloudEXPO benefit from unmatched branding, profile building and lead generation opportunities.
ICC is a computer systems integrator and server manufacturing company focused on developing products and product appliances to meet a wide range of computational needs for many industries. Their solutions provide benefits across many environments, such as datacenter deployment, HPC, workstations, storage networks and standalone server installations. ICC has been in business for over 23 years and their phenomenal range of clients include multinational corporations, universities, and small businesses.
Headquartered in Plainsboro, NJ, Synametrics Technologies has provided IT professionals and computer systems developers since 1997. Based on the success of their initial product offerings (WinSQL and DeltaCopy), the company continues to create and hone innovative products that help its customers get more from their computer applications, databases and infrastructure. To date, over one million users around the world have chosen Synametrics solutions to help power their accelerated business or personal computing needs.