Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

irules

19449 Topics

iRule for client certificate
We would like to have F5 configured to not always request client certificate authentication, but to request it only when the path matches specific URL
Yogesh_Joshi
May 04, 2026 Place Technical Forum
658Views
0likes
3Comments
iRules for recreation: HTTP Protocol Parser implemented using BIG-IP iRule(unfinished)
Hi, everyone in devcentral: I am currently using iRules to simulate the basic functions of an http profile. With this set of scripts, you can achieve similar functionality without needing to mount an http profile on Virtual Server. This set of scripts is only for learning iRules, HTTP, TCP, and related knowledge, and must not be used in a production environment. If there is a need for HTTP protocol parsing, please use the http profile. The current functions are not yet complete; additional features will be added later. Anyone interested are welcome to provide suggestions. GitHub - lfptss/http_protocol_parser · GitHub
ecolauce
Apr 20, 2026 Place Technical Forum
217Views
1like
3Comments
Help with an iRule to disconnect active connections to Pool Members that are "offline"
In order to update an application, we put one node out of two offline in the pool. However, any existing connections don't get directed to the node that is online. It gets a 404 error. Is there an iRule that can detect the node is offline and drain the connections and redirect it to the node that is actually online? Saw this article, but it does not work for us. https://clouddocs.f5.com/api/irules/LB__status.html I have also tried something like this (see below). I tried putting some debug code in the log to show status, but I can't get a status other than "up" in the logs, even when I force the nodes offline. I am hoping someone has done this. "------------------- when LB_SELECTED { # Extract pool, IP, and port set poolname [LB::server pool] set ip [LB::server addr] set port [LB::server port] # Get member status correctly set status [LB::status pool $poolname member $ip $port] log local0. "Selected member $ip:$port in pool $poolname has status $status" if { $status eq "down" } { log local0. "Member is DOWN (possibly forced down) – reselection triggered" LB::reselect } } --------------------------------"
Solved
Worker
Apr 06, 2026 Place Technical Forum
355Views
1like
7Comments
How to add Syslog headers to Bot Defense logs over HSL? (Missing formatting options)
Hi DevCentral Community, I am running into issue with logging Bot Defense events to our SEIM (AIsaac) and could use some advice on best practices. We have logging profile configured to send both Application Security (ASM) and Bot Defense logs to a Remote Publisher. The Publisher is currently tied to a Remote HSL(High-Speed-Logging) destination. The Problem: For standard ASM WAF logs, we can easily format the log string directly in the GUI under the Applications Security logging tab. However, under the Bot Defense logging tab, there is no option to customize the log format. Because it is sending directly to a raw HSL destination, the Bot Defense logs are arriving at out SEIM completely stripped of standard Syslog headers. Without these headers, the SEIM cannot parse the logs correctly. My Questions: Is inserting a Syslog formatted destination before the HSL destination the official way to inject standard headers into Bot Defense logs? Is there any hidden tmsh command or iRule method to actually customize the Bot Defense log payload format, or is the payload structure strictly fixed by the system?
zaid_bhati
Mar 26, 2026 Place Technical Forum
154Views
0likes
1Comment
AppWorld DC Booth Kiosk Generator
Welcome to AppWorld, community! You may or may not be with us in person, but you can watch this thread for iRules that are either generated or described by the Distributed Cloud AI Assistant.
JRahm
Mar 12, 2026 Place Technical Forum
403Views
1like
26Comments
Create Domino LTPA token on F5 problem
Hi, I'm trying to use the code at http://per.lausten.dk/blog/2009/06/how-to-create-a-ltpa-session-cookie-for-lotus-domino-using-f5.html to create a Domino LTPA token but I am getting the following error showing on the Domino server: Token does not lead with 0 [Single Sign-On token is invalid]. The token should begin with the version number 0123 e.g. from the code set ltpa_version "\x00\x01\x02\x03" However, after decoding the token and then looking at it in a hex editor the version number shows as: C0 80 01 02 03 ....... Can somebody explain to me why the \x00 is being changed to C0 80 please? I've experimented putting other numbers in thefirst position to see what happens e.g. \x01\x01\x02\x03 and the hex readout looks correct i.e. 01 01 02 03. It only fails when I use a \x00 in the first position. Thanks for any suggestions. Jeff
Jeff_Green_4244
Mar 02, 2026 Place Technical Forum
931Views
0likes
17Comments
F5 AWAF/ASM ASM_RESPONSE_VIOLATION event seem to not trigger on 17.1.x
Hey Everyone, The F5 AWAF/ASM ASM_RESPONSE_VIOLATION event seem to not trigger on 17.1.x. I have enabled irules support the waf policy and I tested in Normal and Compatibility mode but no luck. The other events trigger without an issue. I created 2 custom signatures for response and request match and request match one has no issues so it seems a bug to me. This can be easily tested with the below irule that logs to /var/log/asm when ASM_REQUEST_DONE { log local3. "test request" } when ASM_RESPONSE_VIOLATION { log local3. "test response" } The custom response signature is in the policy to just trigger alarm. I tried string or regex match " (?i)failed " PCRE-style as F5 15.x and up are using this regex style.
Nikoolayy1
Nov 18, 2025 Place Technical Forum
198Views
0likes
2Comments
How to log HTTP/2 reset_stream
Hello, We are currently in a meeting to prepare for HTTP/2 DDoS attacks. What we would like to do is log the client’s IP address (either local or remote) whenever an HTTP/2 RESET_STREAM is received. Is there any way to achieve this? Would it be possible to implement using an iRule? Thank you.
JO_JO
Nov 10, 2025 Place Technical Forum
128Views
0likes
1Comment
IRule to block different combinations host/uri
hello together, we've got a VIP with a lot of CNAME's and a few login-URI's should be blocked, but not all. so in our Irule we have some Entries like: elseif { [HTTP::uri] starts_with "/presse/login"} { HTTP::respond 403 but now we need special Combinations of [HTTP::host][HTTP::uri] could you pls provide me some Example? I'm not sure if [HTTP::host] matches alo for HTTPS. Thank you Karl
kgaigl
Oct 19, 2025 Place Technical Forum
124Views
0likes
1Comment
iRule, Traffic Policy or Re-Write Policy
Hi, I have created an iRule that maps source addresses to a particular pool when CLIENT_ACCEPTED { if {[class match [IP::client_addr] equals clients1] } { pool POOL_1 } elseif {[class match [IP::client_addr] equals clients2] } { pool POOL_2 } elseif {[class match [IP::client_addr] equals clients3] } { pool POOL_3 } elseif {[class match [IP::client_addr] equals clients4] } { pool POOL_4 } elseif {[class match [IP::client_addr] equals clients5] } { pool POOL_5 } else { pool POOL_6 } } I have a re-write policy that changes the uri https://example.com to https://examples.com/test When the connection completes to the backend servers, they respond with their hostname in the browser. I want to keep https://example.com on the client side but I'm not sure how to achieve this. I thought I could do a response within my re-write policy but this fails. I then looked at traffic policies but already have an ASM policy attached Should I try and achieve everything under one irule (if so how, might I do this) It replaces the original uri with a new uri (going to the server) Have my current source to pool mapping Replace the server hostname with the original uri https://example.com Thanks for any pointers
Solved
sjy2025
Oct 01, 2025 Place Technical Forum
353Views
0likes
11Comments