Forum Discussion

Reddy1
Apr 03, 2018

Unable to understand an iRule

I wanted to understand what exactly the below iRule does:


    if { [SSL::payload 2048] contains "user.userId" } {
        regexp -indices "\x75\x73\x65\x72\x2e\x75\x73\x65\x72\x49\x64\x0d\x0a" [SSL::payload] firstmatch
        log local0. "firstmatch: $firstmatch"
        set matchlen [expr {[lindex $firstmatch 1] - [lindex $firstmatch 0] + 1}]
        set replacement ""
        SSL::payload replace [lindex $firstmatch 0] $matchlen $replacement
        log local0. "SSL Payload-first: [SSL::payload 2048]"
    }

It would be really great if someone could walk me through what exactly it does.


  •  If the user ID is found within the first 2048 characters of the SSL payload...
    if { [SSL::payload 2048] contains "user.userId" } {
       Search for "\x75\x73\x65\x72\x2e\x75\x73\x65\x72\x49\x64\x0d\x0a" in the payload and store the
       indices of the first and last characters of the search string in the payload to the variable "firstmatch"
      regexp -indices "\x75\x73\x65\x72\x2e\x75\x73\x65\x72\x49\x64\x0d\x0a" [SSL::payload] firstmatch 
    
       Write a message to the event log
      log local0. "firstmatch: $firstmatch" 
    
       Set the variable matchlen to the number of characters between the first and last index (stored in "firstmatch")
      set matchlen [expr {[lindex $firstmatch 1] - [lindex $firstmatch 0] + 1}] 
    
       Set the variable "replacement" to an empty string so that it can be referenced
      set replacement "" 
    
       Starting at the first index of the search string in the payload, replace the next N characters (the value of "matchlen") 
       of the payload with an empty string
      SSL::payload replace [lindex $firstmatch 0] $matchlen $replacement 
    
       Write the first 2048 characters of the updated payload
      log local0. "SSL Payload-first: [SSL::payload 2048]" 
    } 

    Essentially, if you had "abcdefghijklmnopqrstuvwxyz" and you wanted to remove "bcde", the code above first finds the position of the "b" and the position of the "e" and stores those values to "firstmatch". In this case, "firstmatch" would equal [01,04]. Then the code calculates the number of characters in the string "bcde" and sets that value to "matchlen" (4 characters). Then it replaces "bcde" in the string with "", thus removing those characters. Lastly, it writes the updated string to the log, which would now be "afghijklmnopqrstuvwxyz".


    I hope this helps!
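The same logic emulated in plain Tcl so it can be run outside BIG-IP, as an added example that is not part of the original thread: SSL::payload is stood in for by a string variable and [string replace], the "contains" operator by [string first], and the request shown is constructed, not captured traffic. It also adds the one check the posted iRule lacks, namely looking at regexp's return value before using firstmatch.

```tcl
proc strip_user_id {payload} {
    # Mirrors the iRule: only act when the literal text is in the first 2048 bytes.
    set head [string range $payload 0 2047]
    if { [string first "user.userId" $head] < 0 } {
        return $payload
    }
    # Same pattern as the iRule. Tcl resolves the \x escapes before regexp runs,
    # so regexp receives user.userId\r\n and the "." is still a regex wildcard.
    set pattern "\x75\x73\x65\x72\x2e\x75\x73\x65\x72\x49\x64\x0d\x0a"
    # regexp returns 1 on a match and 0 otherwise. The posted iRule never checks
    # this; a "contains" hit without a trailing CRLF leaves firstmatch unset and
    # the next line of the iRule would raise a runtime error.
    if { ![regexp -indices $pattern $payload firstmatch] } {
        puts "user.userId present but not CRLF-terminated; payload left as is"
        return $payload
    }
    puts "firstmatch: $firstmatch"
    set start    [lindex $firstmatch 0]
    set matchlen [expr {[lindex $firstmatch 1] - $start + 1}]
    # SSL::payload replace takes (offset, length, data); Tcl's string replace
    # takes (first, last, data), hence the end-index arithmetic.
    return [string replace $payload $start [expr {$start + $matchlen - 1}] ""]
}

# Constructed sample request (not captured traffic).
set payload "POST /login HTTP/1.1\r\nHost: example.test\r\nuser.userId\r\nContent-Length: 0\r\n\r\n"
set updated [strip_user_id $payload]
puts "SSL Payload-first: [string range $updated 0 2047]"
```

Because the hex escapes are substituted before the pattern reaches regexp, the match is not strictly literal: any single character between "user" and "userId" would also satisfy it, so a payload containing both the literal text and a differently punctuated variant could have the wrong bytes removed.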