What could you do with your code in 20 Lines or Less? That's the question I ask every week, and every week I go looking to find cool new examples that show just how flexible and powerful iRules can be without getting in over your head.

After a couple of weeks out of the office, I'm back at it with your weekly dose of iRules goodness in under 20 lines. This week's 20LoL comes from the forums as well as the codeshare. We've got some great examples here, including one iRule that can be used to help augment an already existing LTM module and give it some extra functionality...cool stuff!


Blocking Content with iRules


This is a good example of a robust, logified way to block certain URI parameters from being allowed through to the back-end servers. Aaron's gone to the trouble to both document the code and the output heavily. That might not be the fastest possible solution in production, but it sure is nice for testing.



when HTTP_REQUEST {

  # Log a debug message with client IP:port and the class contents
  log local0. "[IP::client_addr]:[TCP::client_port]: class \$::badStrings: $::badStrings"

  # Check if the server IP is part of the Hosts datagroup
  if { [matchclass [IP::server_addr] equals $::Hosts] } {

    # Log a debug message indicating the server IP matched the Hosts class
    log local0. "[IP::client_addr]:[TCP::client_port]: matched Hosts class \$::Hosts: $::Hosts"

    # Check if the requested URI contains any known bad strings
    if { [matchclass [string tolower [HTTP::uri]] contains $::badStrings] } {

      # Log a debug message indicating the server IP matched the Hosts class and the URI had a bad string
      log local0. "Matched server IP and found bad string in [HTTP::uri]: \
        entry# [matchclass [string tolower [HTTP::uri]] contains $::badStrings]"

      # Drop the TCP connection
      drop
    }
  }
}
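
The rule above matches the lowercased raw URI, so a percent-encoded form of a listed string would not match. Here is one way to normalize the URI before the class lookup, as an added example that is not part of the original forum post. It assumes the same $::badStrings class, and the cap of five decode passes is an arbitrary choice.

```tcl
when HTTP_REQUEST {
  # Decode the URI until it stops changing, so that single and nested
  # percent-encoding are both normalized before the class lookup.
  # The pass limit (5) is an assumed value to bound the loop.
  set previous [HTTP::uri]
  set decoded [URI::decode $previous]
  set passes 0
  while { $decoded ne $previous && $passes < 5 } {
    set previous $decoded
    set decoded [URI::decode $previous]
    incr passes
  }

  # Still changing after the cap: drop instead of guessing at the final form
  if { $decoded ne $previous } {
    log local0. "[IP::client_addr]:[TCP::client_port]: URI not stable after $passes decode passes, dropping"
    drop
    return
  }

  # Same check as the original rule, but against the normalized URI
  set normalized [string tolower $decoded]
  if { [matchclass $normalized contains $::badStrings] } {
    # Log the URI as received; the decoded form may contain control characters
    log local0. "[IP::client_addr]:[TCP::client_port]: bad string in normalized form of [HTTP::uri]"
    drop
    return
  }
}
```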


MSM Whitelisting


This codeshare entry shows how you can use an iRule to get even more out of MSM on your LTM. Oh how I love TLAs. By creating a whitelist of known good IP addresses in this iRule, you can skip MSM processing and wring even more performance out of your BIG-IP...nice!

priority 1
# The excerpt does not show the event; CLIENT_ACCEPTED is assumed here since only the client IP is needed
when CLIENT_ACCEPTED {
  if { [matchclass [IP::client_addr] equals $::white_list] } {
    log local0. "client: [IP::client_addr] found in white_list directed to http_test_pool"
    pool http_test_pool
    event disable all
  } elseif { [matchclass [IP::client_addr] equals $::black_list] } {
    log local0. " client: [IP::client_addr] found in black_list directed to http_test_pool_2"
    pool http_test_pool_2
    # or discard
    event disable all
  }
}


Search and Replace via iRule


This example shows some of the things that can be done via the stream profile and selectively enabling replacements via iRules. The stream profile gives you plenty of ability to do data swapping in-line with even more speed than writing out the logic by hand in an iRule. Definitely good stuff.

when HTTP_REQUEST {
  set replace_content 0
  # Save the User-Agent now; it is a request header and is not available from the response
  set user_agent [HTTP::header "User-Agent"]
  if {[HTTP::uri] contains "/atoz/"} {
    set replace_content 1
  }
}
when HTTP_RESPONSE {
  if {$replace_content equals "1"} {
    # Disable the stream filter by default
    STREAM::disable
    # Check if response type is text
    if {[HTTP::header value Content-Type] contains "text" and $user_agent contains "***"} {
      # Replace
      STREAM::expression "@123@xyz@ @456@xyz@"
      # Enable the stream filter for this response only
      STREAM::enable
    }
  }
}


There you have it, three more examples of iRules goodness in less than 20 lines each. See you next week.