That's the question we like to ask from, for, and of (feel free to insert your favorite preposition here) the DevCentral community, and every time we do, we go looking to find cool new examples that show just how flexible and powerful iRules can be without getting in over your head. Thus was born the 20LoL (20 Lines or Less) series many moons ago. Over the years we've highlighted hundreds of iRules examples, all of which do downright cool things in less than 21 lines of code.

iRule to Stop SSLv3 Connections


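This iRule is pertinent for protecting your back-end servers from POODLE attacks for SSL traffic delivered through but not terminated on the BIG-IP. It collects the first three bytes the client sends, reads the record type and the record-layer version from them, and rejects the connection when that version is 768 (0x0300, SSL 3.0) or lower. As usual, Jeff Costlow is all over these various SSL vulnerabilities.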


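  when CLIENT_ACCEPTED {
    set Debug 1
    set Collect_Len 3
    # Collect the 3 bytes that hold the record type and record-layer version
    TCP::collect $Collect_Len
  }
  when CLIENT_DATA {
    set Buf_Len [TCP::offset]
    if { $Buf_Len < 3 } {
      incr Collect_Len -$Buf_Len
      TCP::collect $Collect_Len
      return
    }
    binary scan [TCP::payload] cS Rec_Type Version
    # 768 = 0x0300, the SSL 3.0 version number
    if { $Version <= 768 } {
      log local0. "stop_ssl3: Rejecting SSL3 or lower connection attempt from [IP::client_addr]"
      reject
    } else {
      TCP::release
    }
  }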
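
The iRule above tests the record-layer version in the first three bytes. The following is an added example, not part of the original post or of Jeff Costlow's iRule: a plain Tcl script for tclsh that goes one step further and also reads ClientHello.client_version at byte offset 9, run over constructed hello prefixes. The proc name classify_hello and the sample bytes are made up for illustration.

```tcl
# Added example: plain Tcl 8.4-compatible script for tclsh, not an iRule.
# classify_hello is a hypothetical helper; the sample bytes are constructed.

# Returns {verdict record_version client_version} for the start of a connection.
proc classify_hello {buf} {
    if {[string length $buf] < 3} { return [list need_more "" ""] }
    # Same scan as the iRule: 1-byte record type, 2-byte big-endian version.
    binary scan $buf cS rec_type rec_ver
    set rec_type [expr {$rec_type & 0xff}]
    set rec_ver  [expr {$rec_ver & 0xffff}]
    # Content type 22 (0x16) is "handshake".
    if {$rec_type != 22} { return [list not_handshake $rec_ver ""] }
    # 5-byte record header + 4-byte handshake header precede client_version.
    if {[string length $buf] < 11} { return [list need_more $rec_ver ""] }
    binary scan $buf x5cx3S msg_type cli_ver
    set cli_ver [expr {$cli_ver & 0xffff}]
    # Handshake message type 1 is ClientHello.
    if {($msg_type & 0xff) != 1} { return [list not_client_hello $rec_ver $cli_ver] }
    # 0x0300 is SSL 3.0; client_version is the highest version the client offers.
    if {$cli_ver <= 0x0300} { return [list reject $rec_ver $cli_ver] }
    return [list release $rec_ver $cli_ver]
}

# Constructed 11-byte prefixes: type, record version, record length,
# handshake type, handshake length, client_version.
set samples {
    "SSLv3-only client"                  16030000300100002c0300
    "TLS 1.2 client, record ver 0x0301"  16030100300100002c0303
    "TLS 1.2 client, record ver 0x0300"  16030000300100002c0303
}
foreach {name hex} $samples {
    set buf [binary format H* $hex]
    binary scan $buf cS t v
    # Decision the 3-byte record-layer test makes on its own.
    set by_record [expr {$v <= 768 ? "reject" : "release"}]
    set by_hello  [lindex [classify_hello $buf] 0]
    puts [format "%-36s record-layer: %-8s client_version: %s" $name $by_record $by_hello]
}
```

The third sample is a client that offers TLS 1.2 but labels its first record 0x0300, which RFC 5246 Appendix E.1 permits; the record-layer test rejects it while the client_version test releases it, so expect some TLS-capable clients to show up in the stop_ssl3 log.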


Select Pool Based on Http Payload


This is slick. Sergio is taking POST data to select pools. Not sure if this is for a better level of service, or for heightened security screening, but a really useful scenario nonetheless. The astute among you will notice that there are 22 lines instead of 20. Well, Colin's rules don't count the lines wasted by a single bracket, so I'm just toeing the line here. Take it up with Colin!


  when HTTP_REQUEST {
    if { ([HTTP::method] eq "POST") } {
      # Buffer the request body so HTTP_REQUEST_DATA can inspect it
      HTTP::collect [HTTP::header Content-Length]
    }
  }
  when HTTP_REQUEST_DATA {
    set decoded [decode_uri [HTTP::payload]]
    set ini [string first "\"idBiller\"" $decoded]
    if { $ini != -1 } {
      # Cut out "idBiller":<value> up to the next comma and keep the value
      set end [string first "," $decoded $ini]
      set value [string range $decoded $ini [expr {$end-1}]]
      set idBiller [lindex [split $value ":"] 1]
      switch -exact $idBiller {
        11111111 {
          pool Pool_XXX
        }
        default {
          pool Pool_YYY
        }
      }
    }
  }


iRule Environment Variables


This might be a first, in that there isn't really an iRule featured here. But the concept is important, so I'm breaking rank. Jie asked about environment variables. THi weighed in with one, but here's the comprehensive list of tcl_platform options.

  • $static::tcl_platform(os)
  • $static::tcl_platform(osVersion)
  • $static::tcl_platform(tmmVersion)
  • $static::tcl_platform(byteOrder)
  • $static::tcl_platform(platform)
  • $static::tcl_platform(wordsize)
  • $static::tcl_platform(machine)
  • cpu

Another useful set of commands, not directly environment variables but system related, is in the TMM namespace.

  • TMM::cmp_cluster_primary
  • TMM::cmp_count 
  • TMM::cmp_group
  • TMM::cmp_unit

And that's a wrap! Super powered functionality featured in less than 60 lines of code.


    Published Oct 22, 2014
    Version 1.0

