Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

JRahm's avatar
JRahm
Icon for Admin rankAdmin
Jan 22, 2026

AppWorld DC Booth Kiosk Generator

Welcome to AppWorld, community! You may or may not be with us in person, but you can watch this thread for iRules that are either generated or described by the Distributed Cloud AI Assistant.
application delivery
dc kiosk
irules
JimmyPackets's avatar
JimmyPackets
Icon for Cirrus rankCirrus
Mar 12, 2026

iRule Explanation - from the iRules Toolbox

Source: vip_to_vip_redirection.txt

# Create an F5 iRule that redirects client connections based on the source port. The iRule should check if the client is connecting on port 80, and if so, internally redirect the connection to a specific virtual server named "HTTP_virtual" while maintaining transparency to the client.

when CLIENT_ACCEPTED priority 500 {
    # This event triggers as soon as a client connection is accepted by the virtual server
    
    # Check if the client is connecting on port 80 (standard HTTP port)
    # This allows selective processing based on the client's source port
    if {[TCP::remote_port] == 80} {
        # If the client is connecting on port 80, redirect the connection internally
        # to another virtual server named "HTTP_virtual"
        # This is a VIP-to-VIP redirection that happens transparently to the client
        # The client remains unaware that their traffic is being handled by a different virtual server
        virtual HTTP_virtual
    }
    # If the client is connecting on any other port, the connection continues
    # to be processed by the current virtual server (implicit else case)
}

Explanation (generated by F5 Distributed Cloud AI Assistant):


Objective
• Redirect client connections arriving on TCP port 80 to a virtual server named “HTTP_virtual.”
• Trigger this logic as soon as the BIG-IP accepts a client connection.
• Maintain transparency so the client is unaware of the internal VIP-to-VIP handoff.

Execution Flow
• Event: CLIENT_ACCEPTED fires with priority 500 (BIGIP-9.0.0).
• Code calls [TCP::remote_port] to obtain the client-side TCP source port (docs: “returns the client-side TCP source port”).
• If that port equals 80, execute virtual HTTP_virtual to internally redirect to the named virtual server.
• If the condition is false (implicit else), continue processing under the current virtual server.

Potential Logic Concerns
• The rule checks [TCP::remote_port] == 80, but remote_port is the client’s source port, not the destination port. Clients almost never use port 80 as their source, so the redirect will never trigger. (high confidence)


Overall Summary
This iRule correctly implements a VIP-to-VIP redirect under CLIENT_ACCEPTED but misuses TCP::remote_port instead of TCP::local_port, preventing the intended HTTP-port match and redirect.
F5, Inc. ("F5") disclaims all liability in connection with any output generated by the AI Assistant ("Output") or use thereof, including without limitation any negative business impact caused by your use of Output to administer, direct, configure or control the operation and functioning of any F5 products. Output is provided "as is" without any warranties of any kind.