Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Patti_G_72768's avatar
Patti_G_72768
Icon for Nimbostratus rankNimbostratus
Oct 01, 2013

Regex rule conversion to iRule

Hi all, I'm a newbie and have been working on converting a regex rule to an iRule. I wanted to reach out to the community to see if I can get some help with what I have written so far. The regex rule...
application delivery
devops
irules
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Oct 01, 2013

I think you could probably skip a strict regex implementation and use something like a set of data groups or a set of lists. Here's what it might look like with string-based data groups.

my_method_dg

"get" := ""
"head" := ""
"propfind" :=
"options" := ""

my_type_dg

"application/x-www-form-urlencoded" := ""
"multipart/form-data" := ""
"text/xml" :=

And the iRule:

when HTTP_REQUEST {
    if { ( [class match [string tolower [HTTP::method]] contains my_method_dg] ) and ( [class match [string tolower [HTTP::header Content-Type]] contains my_type_dg] ) } {
        log local0. "Request content type is not allowed by policy."
        HTTP::respond 501 content "Request content type is not allowed by policy."
        event disable
    }
}

One other minor change was also required. The drop and HTTP::respond commands are mutually exclusive. One will respond with content and the other will simply drop the connection.