Forum Discussion

dexthor_22173's avatar
Icon for Nimbostratus rankNimbostratus
May 16, 2011

Skip rewriting of External URLs

I am new to F5 iRules, so please bear with me.





0. Assume my domain is


1. An Extranet of several existing applications and Portal pages.


2. Some of the links on the Applications & Portals point to our partner sites (;




My requirement:


When the user clicks on the partner link, currently F5 is rewriting it to proxy the external links.


My need is to skip/bypass rewriting of any URLs that do not belong to


Also, I would like to define a "white list of trusted partners" and block all others (For example: to avoid phishing).



How can I achieve that using iRules ?



Many thanks




2 Replies

  • Hi Dexthor,


    I believe you can.



    I think you might want to take a look at the following wiki section for STREAM::expressions. The 4th and 5th Example depicts pretty closely to what you want started.


    Click Here




    In regards to drawing up a while list you should read the following forum that uses datagroups within the STREAM expression;


    Click Here



    Combining these 2 pieces of information should get close to what you are looking for.



    You can always post details about current method you are using to rewrite the links. That would help us in the forums to be a bit more specific.







  • As Bhattman said, I think the last example is closest for doing validation of the links. If you provide more exact (but anonymized) examples of the response content you do and don't want to rewrite, we can give you more specific ideas on how to implement it. You could potentially have a whitelist of domains in a string datagroup and then use the class command to check the domains in the STREAM_MATCHED event:

    when HTTP_REQUEST {
        Disable the stream filter for all requests
    when HTTP_RESPONSE {  
        Check if response type is text  
       if {[HTTP::header value Content-Type] contains "text"}{  
           Match an http://* string and replace it with nothing yet
          STREAM::expression {&http://.*?example\.com&&}
           Enable the stream filter for this response only  
    when STREAM_MATCHED {  
        Check if the matched string meets some condition that can't easily be checked for using a single regex in STREAM::expression
       if {[STREAM::match] starts_with "host1"}{
           Replace http:// with https:// and do the replacement
          STREAM::replace "[string map {http:// https://} [STREAM::match]]"
          log local0. "[IP::client_addr]:[TCP::local_port]: matched: [STREAM::match], replaced with: [string map {http:// https://} [STREAM::match]]"