20 Lines or Less #83

What could you do with your code in 20 Lines or Less?

That's the question we like to ask from, for, and of (feel free to insert your favorite preposition here) the DevCentral community, and every time we do, we go looking to find cool new examples that show just how flexible and powerful iRules can be without getting in over your head. Thus was born the 20LoL (20 Lines or Less) series many moons ago. Over the years we've highlighted hundreds of iRules examples, all of which do downright cool things in less than 21 lines of code.

Poodle Mitigation but Can't Disable SSLv3

https://devcentral.f5.com/s/questions/poodle-mitigation-but-cant-disable-sslv3

Community member Christopher faced a situation where he could not disable SSLv3 for a clients in a certain IP range. I suggested a direction but his final solution was even more simple than the path I was encouraging him down. Nice job!

 

when CLIENT_ACCEPTED {
  if { [class match [IP::client_addr] equals "sslv3_allowed"] } {
    SSL::profile sslv3_enabled
  } else {
      SSL::profile sslv3_disabled
  }
}
when HTTP_REQUEST {
  SSL::renegotiate
}

Rewrite a Part of the Query String

https://devcentral.f5.com/s/questions/i-need-to-rewrite-a-portion-of-a-query-string-while-preserving-all-other-components-how-can-i-do-this

Nitass takes advantage of the new write capability (as of version 11.5) in the HTTP::query command to help member jmartineau9 rewrite the query with an alternative query key. String map to the rescue!

 

when HTTP_REQUEST {
  set qry [HTTP::query]
  set id [URI::query "?$qry" "id"]
  if { $id ne "" } {
    HTTP::query [string map [list id=$id entityid=$id] $qry]
  }
}

HSRP and VRRP Optimization

https://devcentral.f5.com/s/wiki/iRules.HSRP_and_VRRP_SmartHOP_iRule_Optimization.ashx

This rule has been around for a while in the codeshare, but I ran across it looking for something else and thought it warranted inclusion. Originally crafted by Michael Earnhart, I updated it for v10+ systems. Basically, it takes the virtual mac for a router pair from a data-group defined by an admin and sets the lasthop to that instead of the hardware mac the traffic originated from, alleviating black holed traffic during gateway failover events.

 

when CLIENT_ACCEPTED {
  set entry [class lookup [format %s [LINK::lasthop]] RouterA]
  if { $entry ne "" } {
    lasthop [lindex $entry 1] [lindex $entry 0]
  }
}

 

And that's a wrap! Super powered functionality featured in less than 60 lines of code.

Published Nov 18, 2014
Version 1.0
No CommentsBe the first to comment