Forum Discussion

Aantat's avatar
Icon for Cirrus rankCirrus
Jan 16, 2023

Send a POST API Request via iRule

Hello team.

Help me please with sending a POST api request via iRule. What I want is somethink like this:




    *I don't know what command should be here* "POST /sample/post/json%0A HTTP/1.0\n
Host:\n {Client_address: IP::client_addr}"



or just:


    *send via API to another host* "Client_address= IP::client_addr"


So the main goal is send Client Address from Violation event to another host via API. Is it possible to do something like that?

9 Replies

  • xuwen's avatar
    Icon for Cumulonimbus rankCumulonimbus

    send POST method should use the iRules sideband method. The difficulty is whether your server POST does not require username, password or Token authentication about F5? 

    firstly, F5 whether can ping NGFW and telnet NGFW 80(assume NGFW api service port is 80)?

    secondly, if F5 can not telnet NGFW 80,  F5 need to add network route to NGFW, make sure F5 can telnet NGFW 80

    here is the http post api code(NGFW api service mode does not work in https://xxxx mode), NGFW(example NGFW ip is, api service port is 80) with no authentication for POST 




    when ASM_REQUEST_DONE priority 500 {
        set asm_ip [ASM::client_ip]
        set asm_json "\{\"Client_address\":$asm_ip\}"
        set content_length [string length $asm_json]
        set data "POST /sample/post/json HTTP/1.0\r\nHost:\r\nContent-type: application/json\r\nContent-Length: ${content_length}\r\n\r\n${asm_json}"
        if { [catch {connect -time 1000 -idle 30 -status conn_status} conn_id] == 0 && $conn_id ne "" } {
            log local0. "Connect returns: $conn_id and conn status: $conn_status"
            set send_bytes [send -timeout 1000 -status send_status $conn_id $data]
            log local0. "Sent $send_bytes with status $send_status"
            close $conn_id
        } else {
            log local0. "Connection could not be established to NGFW"




    • CA_Valli's avatar
      Icon for MVP rankMVP

      I agree with the other MVP's here, sideband works like a charm - just yesterday I was deploying a new service that needs to trigger an API connection to an external database to retrieve some info that I use to distribute the packet, and I'm using sideband for that.