Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

skfads_167852's avatar
skfads_167852
Icon for Nimbostratus rankNimbostratus
Aug 18, 2015

Need help with understanding this iRule

I have very limited or no knowledge about iRule. It would be of great help if anyone can be able to break down this iRule below. when RULE_INIT { set static::New_netsector_response_body { "" ...
application delivery
devops
irules
LTM
management
Michael_Jenkins's avatar
Michael_Jenkins
Icon for Cirrostratus rankCirrostratus
Aug 19, 2015

Hopefully this will help you understand what's happening. 

when RULE_INIT { 
     Create a static variable to hold the find/replace values you want to check
    set static::New_netsector_response_body { "http://====https://" ":80====nothing" } 
}
when HTTP_RESPONSE { 
     Disable the stream rewriter (to be enabled only if you need to rewrite something)
    STREAM::disable

     Check that the list in RULE_INIT has items
    if {[llength $static::New_netsector_response_body] > 0}
    {
         Default the expression to nothing
        set expression ""

         Loop through each of the list items
        foreach New_netsector_request_rewriteRecord $static::New_netsector_response_body
        {
             Get the first part of the list item (before the "====") as the "find"
            set New_netsector_request_find [getfield $New_netsector_request_rewriteRecord "====" 1]
             Get the last part of the list item (after the "====") as the "replace"
            set New_netsector_request_replace [getfield $New_netsector_request_rewriteRecord "====" 2]

             If the "replace" value is "nothing" then default replace to blank
            if {$New_netsector_request_replace == "nothing"} {
                set New_netsector_request_replace ""
            }

             Append the find/replace values to the expression string
            set expression "$expression@$New_netsector_request_find@$New_netsector_request_replace@"
        }

         Check the response to only try to rewrite these specific content-types
        if {[HTTP::header Content-Type] contains "text" or [HTTP::header Content-Type] contains "xml" or [HTTP::header Content-Type] contains "java"}
        {
             Try to set and enable the stream rewriter expression (catching an error if it occurs so it doesn't blow up the iRule)
            if { [catch {
                STREAM::expression $expression
                STREAM::enable
            } result] }
            {
                 Log the error message
                   log local0. "fffffffffff $result"
            }
        }
    }
}

On a separate note, this seems really inefficient, and it could be rewritten to remove a bit. I'd recommend just setting the expression in the static variable and using that... like this (not tested, so may contain a syntax error somewhere)

when RULE_INIT { 
     Create a static variable to hold the expression
    set static::New_netsector_expression { @http://@https://@ @:80@@ } 
}
when HTTP_RESPONSE { 
     Disable the stream rewriter (to be enabled only if you need to rewrite something)
    STREAM::disable

     Check that the list in RULE_INIT has items
    if {not($static::New_netsector_response_body equals "")} {        
         Check the response to only try to rewrite these specific content-types
        switch -glob [HTTP::header value Content-Type] {
            "*text*" -
            "*xml*" - 
            "java" {
                 Try to set and enable the stream rewriter expression (catching an error if it occurs so it doesn't blow up the iRule)
                if { [catch {
                            STREAM::expression $expression
                            STREAM::enable
                        } result] } {
                     Log the error message
                       log local0. "fffffffffff $result"
                }
            }
        }
    }
}