Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Val_Boudreau_11's avatar
Val_Boudreau_11
Icon for Nimbostratus rankNimbostratus
Jun 29, 2005

Emulating Stream using iRules

Hello,     I am new to BIG-IPs (v9.1) and the writing of iRules.     Looking for some assistance on emulating multiple ‘Stream” profiles using a single iRule.     In ...
application delivery
dev
devops
irules
unRuleY_95363's avatar
unRuleY_95363
Historic F5 Account
Jul 11, 2005
Because the way HTTP works with regard to Content-Length, you will need to buffer the entire payload, replace the strings and then release the payload.

The reason for this is that as the payload size increases due to the replacements, the HTTP Content-Length header needs to be increased. But because the header is at the beginning and you don't know how many times you are going to substitute, you can't do anything until you have the entire payload.

However, the potential problem with buffering the entire payload, is that as the size and number of responses go up, the memory usage and concurrency are affected. So, as long as the responses which you are searching & replacing are not too large this should work fine.

Click here for the article which provides an example of how to buffer the response and then modify it:

http://devcentral.f5.com/Default.aspx?TabID=29&newsType=ArticleView&articleId=25

Here is another similar example which uses "string map" instead. String map is slightly more efficient than regsub and has the advantage that it can search & replace multiple key value pairs in one pass: 

 
 when HTTP_REQUEST { 
     Don't allow data to be chunked. 
    if {[HTTP::version] == "1.1"} { 
       if {[HTTP::header is_keepalive]} { 
           Adjust the Connection header. 
          HTTP::header replace "Connection" "Keep-Alive" 
       } 
       HTTP::version "1.0" 
    } 
 } 
 when HTTP_RESPONSE { 
    if {[HTTP::header exists "Content-Length"]} { 
       set content_len [HTTP::header "Content-Length"] 
    } else { 
       set content_len 4294967295 
    } 
    if { $content_len > 0 } { 
       HTTP::collect $content_len 
    } 
 } 
 when HTTP_RESPONSE_DATA { 
    set payload [HTTP::payload] 
    set length [HTTP::payload length] 
    set new_payload [string map { \ 
          http% https% \ 
          http://myhost.company.com https://myhost.company.com \ 
       } $payload] 
    if { $new_payload ne $payload } { 
        Replace the content if there was any matches 
       HTTP::payload replace 0 $length $new_payload 
    } 
 }