Forum Discussion

Nimbostratus

Feb 27, 2015

iRule inspecting body response

Hello Devcentral community, How i can detect if the following content of the HTTP BODY is present in the HTTP RESPONSE ? the following line : this.location.replace (" Thanks in a...

Nimbostratus

Feb 27, 2015

I think you can do something like:

STREAM::disable
STREAM::expression "this.location.replace("https://"
STREAM::enable

Then use the STREAM_MATCHED event:

when STREAM_MATCHED {
  log local0. "Stream found."
  }

You may need to play with it some, I can't remember exactly how to do this, but it can be done. You can search with stream and then NOT replace.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

iRule inspecting body response

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

GRPC through F5 Virtual Server [RST_STREAM with error code: INTERNAL_ERROR]

[ASM] - How to disable the SQL injection attack signatures

[ASM] : SQL-INJ "end-quote UNION" - How to allow this signature to specific url/uri/parameter only

Changes to DO and AS3 GitHub - no longer monitored

[ASM] : "Request length exceeds defined buffer size " - How to increase the limit ?

Related Content

Introduction of Incident Response

SSL Orchestrator Response Inspection

Unsupported Snort Keywords in Protocol Inspection

Inspecting a UCS file from a compromised BIG-IP

Lightboard Lesson: Perfect Forward Secrecy Inspection Visibility

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS