Forum Discussion
AppWorld DC Booth Kiosk Generator
Welcome to AppWorld, community! You may or may not be with us in person, but you can watch this thread for iRules that are either generated or described by the Distributed Cloud AI Assistant.
26 Replies
- JimmyPackets
Cirrus
AI-Generated iRule
Prompt: Compress HTTP responses only for clients that send an Accept-Encoding: gzip header and for text content types
Generated iRule (by F5 Distributed Cloud AI Assistant):
when HTTP_REQUEST {
    # Check if the client sent an Accept-Encoding header with gzip
    if {[HTTP::header "Accept-Encoding"] contains "gzip"} {
        # Check if the content type is text
        if {[HTTP::header "Content-Type"] starts_with "text/"} {
            # Enable gzip compression for the response
            HTTP::header insert "Content-Encoding" "gzip"
            # Compress the response body
            set response_body [HTTP::response body]
            set compressed_body [gzip $response_body]
            HTTP::response body $compressed_body
        }
    }
}
- JimmyPackets
Cirrus
AI-Generated iRule
Prompt: Parse an HTTP Authorization header to extract a Base64-encoded username and log it for audit purposes
Generated iRule (by F5 Distributed Cloud AI Assistant):
when HTTP_REQUEST priority 500 {
    # Retrieve the Authorization header
    set auth_header [HTTP::header "Authorization"]
    # Check if Authorization header exists and starts with "Basic "
    if { $auth_header ne "" && [string tolower [string range $auth_header 0 5]] eq "basic " } {
        # Extract the Base64-encoded token by removing "Basic " prefix
        set b64_token [string range $auth_header 6 end]
        # Attempt to decode the Base64 token safely
        if { [catch {b64decode $b64_token} decoded_creds] == 0 && $decoded_creds ne "" } {
            # Extract username by splitting decoded string at the first colon
            if { [regexp -- {^([^:]+):} $decoded_creds -> username] } {
                # Log the extracted username for audit purposes
                log local0. "Extracted username from Authorization header: $username"
            }
        }
    }
}
F5, Inc. ("F5") disclaims all liability in connection with any output generated by the AI Assistant ("Output") or use thereof, including without limitation any negative business impact caused by your use of Output to administer, direct, configure or control the operation and functioning of any F5 products. Output is provided "as is" without any warranties of any kind.
- JimmyPackets
Cirrus
AI-Generated iRule
Prompt: Rate-limit HTTP requests per client IP using a subtable, allowing 30 requests per 60 seconds
Generated iRule (by F5 Distributed Cloud AI Assistant):
when HTTP_REQUEST priority 500 {
    # Define maximum allowed requests per client IP
    set threshold 30
    # Define the time window in seconds for rate limiting
    set interval 60
    # Identify the client IP
    set client_ip [IP::client_addr]
    # Define subtable name for this client
    set table_name "req_count_${client_ip}"
    # Increment request count for this client
    set count [table incr -subtable $table_name -- $client_ip]
    # On first request, set the timeout for this client's counter
    if { $count == 1 } {
        table timeout -subtable $table_name -- $client_ip $interval
    }
    # If request count exceeds threshold, respond with HTTP 429
    if { $count > $threshold } {
        HTTP::respond 429 content "Too Many Requests" noserver
        return
    }
}
- JimmyPackets
Cirrus
AI-Generated iRule
Prompt: Persist connections to the same pool member based on a JSESSIONID cookie value
Generated iRule (by F5 Distributed Cloud AI Assistant):
when HTTP_REQUEST {
    # Check if the JSESSIONID cookie exists
    if {[HTTP::cookie exists "JSESSIONID"]} {
        # Get the value of the JSESSIONID cookie
        set session_id [HTTP::cookie "JSESSIONID"]
        # Persist the connection to the pool member based on the session ID
        persist uie session_id
    }
}
- JimmyPackets
Cirrus
AI-Generated iRule
Prompt: Block HTTP requests that contain SQL injection patterns in the URI or query string
Generated iRule (by F5 Distributed Cloud AI Assistant):
Unfortunately, the AI assistant is unable to answer this question as the F5 Distributed Cloud documentation does not include this information.
- JimmyPackets
Cirrus
AI-Generated iRule
Prompt: Mirror a copy of all TCP traffic to a clone pool for intrusion detection analysis
Generated iRule (by F5 Distributed Cloud AI Assistant):
when CLIENT_ACCEPTED {
    # Store the original destination address
    set original_dest [IP::client_addr]
    # Send a copy of the traffic to the clone pool for analysis
    pool clone_pool
}
when SERVER_DATA {
    # Send the server response to the clone pool as well
    pool clone_pool
}
when CLIENT_DATA {
    # Send the client request to the clone pool
    pool clone_pool
}
- JimmyPackets
Cirrus
AI-Generated iRule
Prompt: Rewrite the Location header in 301/302 redirects to change the scheme from HTTP to HTTPS
Generated iRule (by F5 Distributed Cloud AI Assistant):
Unfortunately, the AI assistant is unable to answer this question as the F5 Distributed Cloud documentation does not include this information.
- JimmyPackets
Cirrus
AI-Generated iRule
Prompt: Terminate idle TCP connections that have been inactive for more than 300 seconds with a graceful close
Generated iRule (by F5 Distributed Cloud AI Assistant):
when CLIENT_ACCEPTED priority 500 {
    # schedule a timer to close the connection after 300 seconds (300000 ms)
    set idle_timer [after 300000 {
        # gracefully close the TCP connection
        TCP::close
    }]
}
when CLIENT_CLOSED priority 500 {
    # cancel the scheduled idle timeout if the connection closes first
    if { [info exists idle_timer] } {
        after cancel $idle_timer
        unset -- idle_timer
    }
}
- JimmyPackets
Cirrus
AI-Generated iRule
Prompt: Redirect clients to a certificate enrollment page if no client SSL certificate is presented
Generated iRule (by F5 Distributed Cloud AI Assistant):
when CLIENTSSL_CLIENTCERT {
    if { [SSL::cert count] == 0 } {
        # No client certificate presented, redirect to enrollment page
        HTTP::redirect "https://example.com/certificate-enrollment"
    }
}
- JimmyPackets
Cirrus
iRule Explanation - from the iRules Toolbox
Source: redirect_non_ssl_on_port_443.txt
# Create an F5 BIG-IP iRule that enforces HTTPS connections and directs users to a login page. The rule should check if the connection is encrypted by attempting to get the SSL cipher version. For unencrypted connections, log the detection and redirect to the HTTPS version of the Login.jsp page. For encrypted connections, allow the request to proceed but redirect requests for the root path to the Login.jsp page. Include error handling for the SSL cipher check and extract the hostname without port number when constructing redirect URLs.
when HTTP_REQUEST priority 500 {
    # Try to get the SSL cipher version and catch any errors
    # This checks if the connection is encrypted (SSL/TLS)
    if {([catch {SSL::cipher version} result]) || $result eq "none"} {
        # Log that we detected an unencrypted request
        log local0. "\: $result. Redirecting unencrypted request."
        # Redirect to HTTPS version of the site, specifically to Login.jsp
        # getfield extracts the hostname without port number (if any)
        HTTP::redirect "https://[getfield [HTTP::host] : 1]/Login.jsp"
        # Exit the rule early
        return
    }
    # If we reach here, the connection is encrypted
    # Log that we're allowing the encrypted request
    log local0. "\: $result. Allowing encrypted request."
    # If the request is for the root path "/"
    if {[HTTP::path] eq "/"} {
        # Redirect to the Login.jsp page
        # This ensures users going to the root are sent to the login page
        HTTP::redirect "https://[getfield [HTTP::host] : 1]/Login.jsp"
    }
}
Explanation (generated by F5 Distributed Cloud AI Assistant):
Objective
• Enforce that all client requests use HTTPS by detecting the SSL/TLS state.
• Redirect plain‐HTTP requests to the HTTPS Login.jsp page, logging the event.
• Allow encrypted requests to proceed but send clients hitting “/” to Login.jsp.
• Extract the hostname without the port when building redirect URLs and handle SSL check errors.
Execution Flow
• Event: when HTTP_REQUEST priority 500 fires on each HTTP request (docs: valid event).
• The rule runs [catch {SSL::cipher version} result] to test for an SSL/TLS cipher (docs: SSL::cipher version).
• If catch returns non‐zero (error) OR $result eq "none"
– Log detection of an unencrypted request.
– Redirect to https://[getfield [HTTP::host] : 1]/Login.jsp (uses getfield to strip port; docs: getfield syntax).
– return exits this event early (docs: return stops the current event).
• Otherwise (encrypted connection)
– Log that the encrypted request is allowed.
– If [HTTP::path] eq "/" (docs: HTTP::path returns the request path)
• Redirect to https://[getfield [HTTP::host] : 1]/Login.jsp.
Potential Logic Concerns
• The log commands use local0. without specifying a severity level (docs require <facility>.<level>). This will fail at runtime. (high confidence)
Overall Summary
This iRule correctly enforces HTTPS, handles SSL detection errors, and redirects root‐path requests to Login.jsp while preserving the hostname. Fixing the log facility syntax will ensure proper logging.
F5, Inc. ("F5") disclaims all liability in connection with any output generated by the AI Assistant ("Output") or use thereof, including without limitation any negative business impact caused by your use of Output to administer, direct, configure or control the operation and functioning of any F5 products. Output is provided "as is" without any warranties of any kind.
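A hardened variant of the redirect rule explained above, as an added example that is not part of the original post or of the AI Assistant's output: `[HTTP::host]` is taken from the client's Host header, so it is checked against an allow-list before it is used to build the `Location` value. The data group name `allowed_redirect_hosts` is hypothetical and assumed to be a string data group holding the lowercase hostnames the virtual server serves.

```tcl
when HTTP_REQUEST priority 500 {
    # The Host header is client-supplied: normalise it (lowercase, port stripped)
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    # Refuse to build a redirect from a Host value this site does not serve.
    # allowed_redirect_hosts is a hypothetical string data group (assumption).
    if { $host eq "" || ![class match -- $host equals allowed_redirect_hosts] } {
        # The raw header value is deliberately not written to the log
        log local0.warning "Rejected request from [IP::client_addr]: unexpected Host header"
        HTTP::respond 400 content "Bad Request" noserver
        return
    }

    # Same encryption test as the rule above: an error or "none" means cleartext
    if { [catch {SSL::cipher version} result] || $result eq "none" } {
        log local0.info "Unencrypted request for $host, redirecting to HTTPS"
        HTTP::redirect "https://$host/Login.jsp"
        return
    }

    # Encrypted connection: only the root path is sent to the login page
    if { [HTTP::path] eq "/" } {
        HTTP::redirect "https://$host/Login.jsp"
    }
}
```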