Apache Log4j2 (CVE-2021-44228) mitigation iApp

Problem this snippet solves:

There is a CVE released related to Apache log4j, which could be a vulnerability on a server located behind the BIG-IP.

F5 SIRT have helpfully created an iRule to mitigate this vulnerability, this is an iApp to simplify creation and management of the iRule.

How to use this snippet:

Install the iApp Template

  • Download and unpack the archive
  • Login to BIG-IP TMUI and navigate to iApps>Templates
  • Hit Import button, select the template and hit Upload

Create an iRule instance

  • Navigate to iApps>Application Services>Applications
  • Hit Create button, enter a relevant Name and select the log4j2_mitigation template
  • Set the Debug Level ( Off, Attack or Debug ). Off = no logs, Attack = logs in the case of an attack detected, Debug = more detailed logs
  • Hit Finished - iRule should be created

Assign iRule to virtual server

  • Navigate to LTM>Virtual Servers.
  • Click on the Virtual Server, navigate to Resources tab
  • Click Manage button under iRules section, add iRule. Note the Virtual Server must have an assigned http profile for this iRule, otherwise it will throw an error.

Manage iRule

  • If you have issues with the iRule or want to modify logs, navigate to iApps>Application Services>Applications and click on the deployed service.
  • Navigate to the Reconfigure tab, make changes and hit Finished

Tested this on version:


Updated Feb 08, 2022
Version 2.0

Was this article helpful?


  • Hi Pete, Nice! Thanks for sharing. Maybe you can also make it possible to modify the priority setting, so you can give it a higher priority when multiple iRules are being used on the same virtual server.

  • Thanks for the suggestion Niels, i've done that. Maybe you can try it out and let me know

  • Hi Juan, yes it can be applied without ASM. This is an iRule that is assigned to the virtual server directly. You can obviously do this via the ASM Attack Signatures as well, which would probably be more performant.