Hey Derek,
Will have to see what I missed on the old thread - unfortunately I got lost in the fray. The iRule will be processed, at least initially, for every request (if OneConnect is one, and every connection if it is not) that arrives at this virtual server. The entire rule shouldn't necessarily need to be processed, however. I wouldn't worry too much about it unless you see it making a significant difference in the CPU of your devices or the performance times. On the devices I did my proxypass testing with, I didn't see any affect on either.
The best answer to your question about the order of processing is that iRules are all processed in parallel, but events are processed in serial. This was a strange concept at first, but makes sense when taken from the correct view. If you have two rules on a virtual server and they are something like follows:
irule_1
when CLIENT_ACCEPTED{
}
when HTTP_REQUEST {
}
when HTTP_RESPONSE {
}
irule_2
when CLIENT_ACCEPTED {
}
when HTTP_RESPONSE {
}
The CLIENT_ACCEPTED events will fire for the rules - I believe in the order that they are listed/loaded into memory, then the HTTP_REQUEST for rule_1, and then again the HTTP_RESPONSE for both irule_1 and irule_2. This is a slightly different paradigm than what I, at least, had originally expected which was: irule_1 -> CLIENT_ACCEPTED -> HTTP_REQUEST -> HTTP_RESPONSE -> irule_2 -> CLIENT_ACCEPTED -> HTTP_RESPONSE.
You can specify a priority for events, though. I had to do this, in fact, with proxypass to be sure the WAM I was testing saw the original headers and not the proxypass-modified headers. This talks a little more about priorities for events:
http://devcentral.f5.com/wiki/Default.aspx/iRules.priority
I'm still rather puzzled by the fact that it seems to be causing such problems. I will check the old thread to see if there are more details on exactly what happens when it is enabled. Otherwise, there isn't much to go on.
// Ben