For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Diego_19194's avatar
Diego_19194
Icon for Nimbostratus rankNimbostratus
Aug 14, 2007

iRule limits

I am writing a iRule where check in a regexp a number in the mail message.     To do that, I used the command matches_regex but when I finished the regexp to add in the iRule, I found it is so b...
application delivery
dev
devops
iRules
Andy_Herrman_22's avatar
Andy_Herrman_22
Icon for Nimbostratus rankNimbostratus
Aug 15, 2007
Your ranges look like they can be compressed, potentially by a lot.

For instance, take this snippet:

005491140300000-005491140309999

005491140310000-005491140319999

005491140330000-005491140339999

005491140340000-005491140349999

005491140350000-005491140359999

005491140360000-005491140369999

005491140370000-005491140379999

That could simply be this:

005491140300000-005491140379999

There are some gaps in the range, but in general they could probably be compressed a lot more.

Given that the data appears to be just numbers, not text, it would probably be a lot faster to convert the value you get to a number, and then have some if statements that check that number to see if it's within any of the valid ranges. This would be a ton faster than trying to use a ginormous regex.

Pseudocode (cause I don't feel like writing TCL right now) for a couple random ranges I grabbed 


long value = extractValueFromRequest();
if( (value > 5491140300000 && value < 5491140379999) ||
    (value > 5491144230000 && value < 5491144299999) )
{
  doStuff();
} else {
  reject();
}

If you need to do something different for each of those ranges, and aren't just looking to see if it's a valid range I think it would still go a lot faster to convert to a number and check against the ranges than try to do regexes. Numeric operations are much faster than string operations.