For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Optimizing the CVE-2015-1635 iRule

A couple days ago an iRule was published that mitigates Microsoft’s HTTP.sys vulnerability described in CVE-2015-1635 and MS15-034. It’s a short rule, but it features the dreaded regex. Every time I ...
Published Apr 17, 2015
Version 1.0
application delivery
devops
iRules
LTM
optimization
security
JRahm's avatar
Icon for Admin rankAdmin
Christ Follower, Husband, Father, Technologist. I love community and I especially love THIS community. My background is networking, but I've dabbled in all the F5 iStuff, I'm a recovering Perl guy, and am very much a python enthusiast. Learning alongside all of you in this accelerating industry toward modern apps and architectures.
View Profile
JRahm's avatar
Icon for Admin rankAdmin
Christ Follower, Husband, Father, Technologist. I love community and I especially love THIS community. My background is networking, but I've dabbled in all the F5 iStuff, I'm a recovering Perl guy, and am very much a python enthusiast. Learning alongside all of you in this accelerating industry toward modern apps and architectures.
View Profile
Joe_Pruitt's avatar
Joe_Pruitt
Apr 17, 2015
"string match" is an under-used gem of a command. I did some minor testing and that single string match is faster than doing a while loop from 0 to the length of the string (without anything in the loop body). I thought I could be cute and just iterate through the characters in the string but that's almost 3x slower just for the iteration than the string match. I think you'd be hard pressed to get a faster solution in straight TCL without writing a proc in native code.