For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

brad9iner_11512's avatar
brad9iner_11512
Icon for Altostratus rankAltostratus
Feb 08, 2017

iRule to log how many requests are being caught by existing iRule

So I have an existing iRule that handles some redirecting of a specific context path over to the root context path: when HTTP_REQUEST { set context_root "/audit" if { [HTTP::path] starts_with ...
BIG-IP
cloud
devops
iRules
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Feb 08, 2017

Hi Brad,

Performance-wise it's slightly more effective to integrate the HSL command into the existing iRule. In this case your F5 doesn't need to parse the HTTP::path twice to check if 

/audit*
is requested.

Management-wise its up to you. Both approaches are absolute valid...

The integration of HSL is rather simple. You may take a look to the iRule below to see how the HSL can be integrated in your existing iRule.

when CLIENT_ACCEPTED {
  set hsl_handle [HSL::open -proto  -pool ]
}
when HTTP_REQUEST {
  set context_root "/audit"
  if { [HTTP::path] starts_with $context_root } {
    HSL::send $hsl_handle "<135> Audit access: [IP::client_addr]\n"
    switch [HTTP::path] {
      "/audit" {
        HTTP::uri "/?[HTTP::query]"
        HTTP::path "/"
      }
      default {
        set substr_uri [substr [HTTP::uri] [string length $context_root]]
        set substr_path [substr [HTTP::path] [string length $context_root]]
        HTTP::uri $substr_uri
        HTTP::path $substr_path
      }
    }
  }
}

Cheers, Kai