Forum Discussion

MukeshK

Nimbostratus

May 17, 2021

Match string "username" inside TCP:Payload

I have a requirement to extract Client IP address as soon as VIP sees a LDAP Bind request from a particular username.

I have gone through couple of forums and found this relevant:

when CLIENT_ACCEPTED {

TCP::collect 100

}

when CLIENT_DATA {

# check if payload contains the string we want to replace

if { [TCP::payload ] contains "username_adam" } {

#logging Client ip as soon as see bind request coming from username adam

log local0. "Client ip logged is [IP::client_addr]"

TCP::release

TCP::collect

}

Any answers and help would be appreciated.

No RepliesBe the first to reply

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Match string "username" inside TCP:Payload

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

Intermediate iRules: Handling Strings

string first replacement procedure for ID999881

Random String Generators

Payload string based persistence

Convert curl command to BIG-IP Monitor Send String

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS