Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

mahnsc's avatar
mahnsc
Icon for Nimbostratus rankNimbostratus
Apr 06, 2012

Three Questions on STREAM iRule

I have a web site that is sending a couple different absolute URLs that required me setting up a couple of STREAM::expression irules. Each rule worked fine when running under 9.4.3 but when we upgra...
application delivery
dev
devops
irules
nitass's avatar
nitass
Icon for Employee rankEmployee
Apr 06, 2012
it matches for ::crfind in my testing.

anyway, why do you use same if condition ([HTTP::header value Content-Type] contains "text") twice??

and have you seen this article?

LTM stream profile: Multiple replacements & regular expressions by Deb

https://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/101/LTM-stream-profile-Multiple-replacements-regular-expressions.aspx 

[root@ve1023:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.79:80
   ip protocol 6
   rules myrule
   profiles {
      http {}
      stream {}
      tcp {}
   }
}
[root@ve1023:Active] config  b pool foo list
pool foo {
   members 200.200.200.101:80 {}
}
[root@ve1023:Active] config  b rule myrule list
rule myrule {
   when RULE_INIT {
   set ::crfind "http://host.domain.tld:8443/"
   set ::cr2find "http://host.domain.tld:8080/"
   set ::crreplace "https://host.domain.tld/"
}
when HTTP_REQUEST {
   STREAM::disable
}
when HTTP_RESPONSE {
   if {[HTTP::header value Content-Type] contains "text"} {
      STREAM::expression "@$::crfind@$::crreplace@"
      STREAM::enable
   } elseif {[HTTP::header value Content-Type] contains "text"} {
      STREAM::expression "@$::cr2find@$::crreplace@"
      STREAM::enable
   } else {
      STREAM::disable
   }
}
when STREAM_MATCHED {
   log local0. "Matched [STREAM::match]"
}
}

 original response (not passing bigip)

[root@ve1023:Active] config  curl -i http://200.200.200.101/test.html
HTTP/1.1 200 OK
Date: Fri, 06 Apr 2012 15:05:41 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 06 Apr 2012 15:02:30 GMT
ETag: "418447-a9-f207ed80"
Accept-Ranges: bytes
Content-Length: 169
Content-Type: text/html; charset=UTF-8




http://www.google.com/
http://host.domain.tld:8443/something
http://host.domain.tld:8080/somethingelse
http://www.yahoo.com/



 response when passing bigip

[root@centos251 ~] curl -i http://172.28.19.79/test.html
HTTP/1.1 200 OK
Date: Fri, 06 Apr 2012 15:12:57 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 06 Apr 2012 15:02:30 GMT
ETag: "418447-a9-f207ed80"
Accept-Ranges: bytes
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked




http://www.google.com/
https://host.domain.tld/something
http://host.domain.tld:8080/somethingelse
http://www.yahoo.com/



 bigip

[root@ve1023:Active] config  cat /var/log/ltm
Apr  6 08:12:27 local/tmm info tmm[4797]: Rule myrule : Matched http://host.domain.tld:8443/