HTTP iRule

Question

I found this iRule on the DevCentral site at the following URL, http://devcentral.f5.com/wiki/iRule...eader.ashx&nbsp;
&nbsp;It does exactly what I need it to do except work with HTTPS.  How would I modify this iRule to work with HTTPS?&nbsp;
 &nbsp;

hoolio · Answer

Hi Ken, 
&nbsp;  
&nbsp; In order to read the HTTP host header value, you'd need to decrypt the SSL using a client SSL profile.  Once you do that and add an HTTP profile to the virtual server, that iRule would work as it is. 
&nbsp;  
&nbsp; Aaron

hoolio · Answer

Also note that that iRule would allow a malicious user to send HTTP traffic to any pool which ends with _pool configured on your LTM.  From a security standpoint, it would be a lot safer to create a whitelist of allowed pool names and check that the parsed pool name is part of it before allowing the client to get to the pool.  You could do this by defining the allowed pool names in a data group and then using the class command to look up the requested host in the data group. 
&nbsp;  
&nbsp; http://devcentral.f5.com/wiki/iRules.class.ashx 
&nbsp;  
&nbsp; Aaron

kend · Answer

I read the link you provided, but I am unclear on how to create the data group itself.  Any help would be appreciated.

Forum Discussion

HTTP iRule

3 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

error code 503 redirect irule

Curl 7.10.5 < 8.12.0 Integer Overflow (CVE-2025-0725)

OWA File Upload URIs for WAF Bypass

F5 AWAF/ASM learning only from Trusted traffic?

F5OS VLAN naming length restrictions

Related Content

F5 HTTPS Redirect 2025

iRule to take cookie from HTTP Response into HTTP Request via table

The State Of HTTP/2 With F5 LTM

HTTP Request Smuggling Using Chunk Extensions (CVE-2025-55315)

HTTP Multipart and Security Implications

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS