Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Tim_W_72292's avatar
Tim_W_72292
Icon for Nimbostratus rankNimbostratus
Oct 24, 2007

Irule with Multiple HTTP checks

Hi All,     I am trying to write a rule that will do multiple check within the HTTP headers, is this possible? Here is what I was thinking:       if {[HTTP::host] equals and [HTTP::st...
application delivery
dev
devops
irules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Oct 24, 2007
You can get the response status in the HTTP_RESPONSE event, but you have to get the Host and URI from a clientside event. This means you have to save the URI for every request to that server. Here's an example:


when HTTP_REQUEST {
    use IP::addr to compare Host header value with the IP we're looking for
   if {[IP::addr [HTTP::header value Host] equals 1.1.1.1]}{
       for a match, save the URI to log if the response is a 400
      set uri [HTTP::uri]
   }
}
when HTTP_RESPONSE {
    check if HTTP response status is a 400
   if {[HTTP::status] == 400}{
       Log the client IP address and the URI
      log local0. "[IP::client_addr] -> $uri generated 400 response"
   }
}

I didn't test this, but it looks right.

Aaron