Forum Discussion
AdminAppWorld DC Booth Kiosk Generator
Welcome to AppWorld, community! You may or may not be with us in person, but you can watch this thread for iRules that are either generated or described by the Distributed Cloud AI Assistant.
26 Replies
- JimmyPackets
Cirrus
AI-Generated iRule
Prompt: Log HTTP request and response headers to a remote syslog server in a structured key-value format
Generated iRule (by F5 Distributed Cloud AI Assistant):
when HTTP_REQUEST { # Log the incoming HTTP request headers to the syslog server set request_headers [HTTP::request_headers] set log_message "HTTP Request: [format_headers $request_headers]" log local0. "$log_message" } when HTTP_RESPONSE { # Log the outgoing HTTP response headers to the syslog server set response_headers [HTTP::response_headers] set log_message "HTTP Response: [format_headers $response_headers]" log local0. "$log_message" } # Helper function to format headers as key-value pairs proc format_headers {headers} { set formatted "" foreach {key value} [array get headers] { set formatted "$formatted$key: $value; " } return $formatted } - JimmyPackets
AI-Generated iRule
Prompt: Reject SSL connections using TLS versions older than 1.2 with a TCP reset
Generated iRule (by F5 Distributed Cloud AI Assistant):
when CLIENTSSL_HANDSHAKE priority 500 { # Get the TLS version from the current SSL cipher set tls_version [SSL::cipher version] # Reject connection if TLS version is older than 1.2 if { $tls_version eq "SSLv2" or $tls_version eq "SSLv3" or $tls_version eq "TLSv1" or $tls_version eq "TLSv1.1" } { reject } } F5, Inc. ("F5") disclaims all liability in connection with any output generated by the AI Assistant ("Output") or use thereof, including without limitation any negative business impact caused by your use of Output to administer, direct, configure or control the operation and functioning of any F5 products. Output is provided "as is" without any warranties of any kind. - Kendall_Brennei
Employee
SO COOL to see irule automation in action at #AppWorld2026
- JimmyPackets
AI-Generated iRule
Prompt: Inject a JavaScript analytics snippet into HTML response bodies before the closing </body> tag
Generated iRule (by F5 Distributed Cloud AI Assistant):
when HTTP_RESPONSE priority 500 { # Check if Content-Type header exists and contains "text/html" if { [HTTP::header exists "Content-Type"] && [string tolower [HTTP::header "Content-Type"]] contains "text/html" } { # Get Content-Length header value if present, else set to 0 if { [HTTP::header exists "Content-Length"] } { set content_length [HTTP::header "Content-Length"] } else { set content_length 0 } # Collect the entire response body based on Content-Length or up to 1MB if unknown or large if { $content_length > 0 && $content_length < 1048576 } { HTTP::collect $content_length } else { HTTP::collect 1048576 } } } when HTTP_RESPONSE_DATA priority 500 { # Define the JavaScript analytics snippet to inject set js_snippet "<script>/* Analytics snippet here */</script>" # Get the full response body payload set content [HTTP::payload] # Search for the closing </body> tag case-insensitively if {[regexp -nocase -- {</body>} $content match body_tag_start]} { # Insert the JavaScript snippet before the closing </body> tag regsub -nocase -- {</body>} $content "${js_snippet}</body>" new_content } else { # If no </body> tag found, append the snippet at the end append content $js_snippet set new_content $content } # Replace the payload with the modified content HTTP::payload replace 0 [HTTP::payload length] $new_content # Update the Content-Length header to the new payload length HTTP::header replace "Content-Length" [string length $new_content] # Release the modified payload to continue processing HTTP::release } F5, Inc. ("F5") disclaims all liability in connection with any output generated by the AI Assistant ("Output") or use thereof, including without limitation any negative business impact caused by your use of Output to administer, direct, configure or control the operation and functioning of any F5 products. Output is provided "as is" without any warranties of any kind. - JimmyPackets
iRule Explanation - from the iRules Toolbox
Source: cookie_encryption_gateway.txt
when CLIENT_ACCEPTED priority 500 { # Exposed passphrase, but this key can be synchronized to the peer LTM set PASSPHRASE "secret" # Private passphrase, but it isn't synchronized. On LTM failover to # its peer, applications relying on the encrypted cookies will break. # set passphrase [AES::key] } when HTTP_REQUEST priority 500 { foreach { cookieName } [HTTP::cookie names] { HTTP::cookie decrypt $cookieName $PASSPHRASE } } when HTTP_RESPONSE priority 500 { foreach { cookieName } [HTTP::cookie names] { HTTP::cookie encrypt $cookieName $PASSPHRASE } }Explanation (generated by F5 Distributed Cloud AI Assistant):
Objective
• Define a shared passphrase on connection setup.
• Decrypt all HTTP cookies arriving from clients.
• Encrypt all HTTP cookies sent back in responses.
• Ensure backend sees plaintext cookies while clients store encrypted ones.Execution Flow
• when CLIENT_ACCEPTED priority 500
– set PASSPHRASE "secret" establishes a cookie encryption key per connection (see set command docs).
• when HTTP_REQUEST priority 500
– [HTTP::cookie names] returns all cookie names.
– HTTP::cookie decrypt $cookieName $PASSPHRASE decrypts each cookie before passing to the server.
• when HTTP_RESPONSE priority 500
– [HTTP::cookie names] again lists all cookies (including newly set ones).
– HTTP::cookie encrypt $cookieName $PASSPHRASE encrypts each cookie before sending to the client.
Overall summary: This iRule transparently decrypts client cookies for internal use and re-encrypts them on the way back, using a static passphrase initialized at connection time.
F5, Inc. ("F5") disclaims all liability in connection with any output generated by the AI Assistant ("Output") or use thereof, including without limitation any negative business impact caused by your use of Output to administer, direct, configure or control the operation and functioning of any F5 products. Output is provided "as is" without any warranties of any kind. - JimmyPackets
AI-Generated iRule
Prompt: Encrypt a session cookie value on the response and decrypt it on subsequent requests for cookie security
Generated iRule (by F5 Distributed Cloud AI Assistant):
when HTTP_RESPONSE { # Encrypt the session cookie value before sending it to the client set session_cookie [HTTP::cookie "session"] set encrypted_cookie [encrypt $session_cookie] # Call to a custom encrypt function HTTP::cookie "session" $encrypted_cookie } when HTTP_REQUEST { # Decrypt the session cookie value on subsequent requests set encrypted_cookie [HTTP::cookie "session"] if { $encrypted_cookie ne "" } { set session_cookie [decrypt $encrypted_cookie] # Call to a custom decrypt function HTTP::cookie "session" $session_cookie } } - JimmyPackets
AI-Generated iRule
Prompt: Reject SSL connections using TLS versions older than 1.2 with a TCP reset
Generated iRule (by F5 Distributed Cloud AI Assistant):
when CLIENTSSL_HANDSHAKE priority 500 { # Get the TLS version string of the negotiated cipher set tls_version [SSL::cipher version] # Reject connection if TLS version is older than 1.2 if { $tls_version eq "SSLv2" || $tls_version eq "SSLv3" || $tls_version eq "TLSv1" || $tls_version eq "TLSv1.1" } { reject return } } F5, Inc. ("F5") disclaims all liability in connection with any output generated by the AI Assistant ("Output") or use thereof, including without limitation any negative business impact caused by your use of Output to administer, direct, configure or control the operation and functioning of any F5 products. Output is provided "as is" without any warranties of any kind. - JimmyPackets
AI-Generated iRule
Prompt: Block DNS queries for domains matching a blocklist datagroup and return NXDOMAIN
Generated iRule (by F5 Distributed Cloud AI Assistant):
Unfortunately, the AI assistant is unable to answer this question as the F5 Distributed Cloud documentation does not include this information. - JimmyPackets
AI-Generated iRule
Prompt: Select a specific pool member based on a query string parameter value (e.g., ?server=web01)
Generated iRule (by F5 Distributed Cloud AI Assistant):
when HTTP_REQUEST { # Check if the query string contains the parameter 'server' if {[HTTP::query] contains "server="} { # Extract the value of the 'server' parameter set server_name [getfield [HTTP::query] "server" "="] # Select the pool member based on the server_name if {$server_name eq "web01"} { pool web01_pool } elseif {$server_name eq "web02"} { pool web02_pool } else { # Default pool if no match pool default_pool } } else { # Default pool if 'server' parameter is not present pool default_pool } } - JimmyPackets
iRule Explanation - from the iRules Toolbox
Source: path_parsing_with_glob_style_matching.txt
# Create an F5 BIG-IP iRule that routes HTTP requests to different pools based on the first two characters of the URL path. The rule should use case-insensitive matching and handle paths starting with /a, /b, and /c, followed by specific ranges of letters. Include a default case for paths that don't match any specified patterns. The rule should have default priority and use efficient matching techniques. when HTTP_REQUEST priority 500 { # Parse the first then second character in the path # Convert the path to lowercase for case-insensitive matching switch -glob -- [string tolower [HTTP::path]] { # If path starts with /a followed by a-l, route to this pool "/a[a-l]*" { pool reward-uat5.123.com_AA2AL } # If path starts with /a followed by m-z, or /b followed by a-l, route to this pool "/a[m-z]*" - "/b[a-l]*" { pool reward-uat5.123.com_AM2BL } # If path starts with /b followed by m-z, or /c followed by a-d, route to this pool "/b[m-z]*" - "/c[a-d]*" { pool reward-uat5.123.com_BM2CD } # Default case: if none of the above patterns match (including just a forward slash) default { # Route to the first pool as a fallback pool reward-uat5.123.com_AA2AL } } }Explanation (generated by F5 Distributed Cloud AI Assistant):
Objective
• This iRule routes incoming HTTP requests to different server pools based on the first two characters of the URL path.
• It performs case-insensitive matching by converting the path to lowercase.
• Paths beginning with /a (subdivided into a-l and m-z), /b (a-l and m-z), and /c (a-d) each map to a specific pool.
• Any path not matching these patterns (including /) falls back to the first pool.Execution Flow
The HTTP_REQUEST event fires with priority 500.
[HTTP::path] is converted to lowercase using string tolower.
switch -glob -- evaluates the lowercase path against patterns, in order:
• Pattern /a[a-l]* → pool reward-uat5.123.com_AA2AL
• Patterns /a[m-z]* OR /b[a-l]* → pool reward-uat5.123.com_AM2BL
• Patterns /b[m-z]* OR /c[a-d]* → pool reward-uat5.123.com_BM2CD
• default (any other path) → pool reward-uat5.123.com_AA2ALPotential Logic Concerns
• The rule explicitly sets priority 500, which differs from the requested default priority (omit priority for default behavior). (high confidence)
Overall Summary
The iRule efficiently implements case-insensitive, glob-based matching for the specified path ranges with a clear default fallback. Adjusting or removing the explicit priority 500 will align it with the requested default priority.
F5, Inc. ("F5") disclaims all liability in connection with any output generated by the AI Assistant ("Output") or use thereof, including without limitation any negative business impact caused by your use of Output to administer, direct, configure or control the operation and functioning of any F5 products. Output is provided "as is" without any warranties of any kind.
