What could you do with your code in 20 Lines or Less? That's the question I ask (almost) every week for the DevCentral community, and every week I go looking for cool new examples that show just how flexible and powerful iRules can be without getting in over your head.

Nearing the thirty mark with the 20LoL, it occurs to me that I’m having a harder and harder time with something. No, it’s not finding interesting ideas to feature. The community has been absolutely stellar with that part. There are always plenty of iRules for me to grab either directly or with some modification (which is half the fun). No, the issue is that I’m having a tough time remembering whether I’ve already covered a topic too similar to the current one. Forgive me if I end up double dipping at some point. At the very least it will be a new slant on the idea.

I’m pretty sure this week’s are all original concepts. I bring to you examples of SSL and non-SSL traffic sharing a VIP in harmony, making use of the scan command to dissect URIs, and some more persistence trickery.


SSL and plaintext living together


There was a need to serve SSL traffic for all but a few URIs, and the desire was to use an iRule to do so. Fortunately for the original poster, someone was quick to seek out some of hoolio’s earlier work via the search function. In this example you can see how to selectively disable server-side encryption for a particular URI. This could work in the inverse just as easily (selectively enable for only a few secure URIs).


    when HTTP_REQUEST {

        # Check if request matches the criteria to disable server-side SSL
        if { [HTTP::uri] starts_with "/clear" } {

            # disable SSL on the serverside context
            SSL::disable serverside

            # select the http pool
            pool http_pool

        } else {
            # default is to use server-side SSL and the https pool
            pool https_pool
        }
    }


Multiple Persistence timeouts based on URI


In a very cool juggling act, hoolio puts on yet another seminar on how to use iRules to meet your tricky and extremely specific needs.  He shows here how you can manage a single type of persistence (source address in this case) with multiple timeouts based on the URI that’s requested. The additional trick here is to have the longer timeout not overwritten by the shorter timeout the next time that user requests a URI not in the “extended timeout” list.  I like it.


    when HTTP_REQUEST {
        # Check requested path
        switch -glob [HTTP::path] {
            "/apps/aml/*" {
                # Persist client for 10 hours
                persist source_addr 36000
            }
            default {
                # Persist client for 1 hour
                persist source_addr 3600
            }
        }
    }


Scanning URIs


The need from the user was to alter multiple variables in a URI. This was complicated further by the structure of the URI and the type of replacement that needed to be done.  Aaron (hoolio) though, swift as ever, managed to whip up a tidy solution to the problem making use of the powerful scan command. This one is definitely cool and shows off this under-used command.


    when HTTP_REQUEST {
        log local0. "[IP::client_addr]:[TCP::client_port]: New HTTP request to [HTTP::uri]"

        if { [HTTP::uri] contains "adserver/impression" } {
            log local0. "[IP::client_addr]:[TCP::client_port]: Matched URI check"

            # Scan the URI looking for the pid, oid and rand values
            if { [scan [HTTP::uri] {/adserver/impression/pid=%[^/]/oid=%[^/]/rand=%[^/]} pid oid rand] == 3 } {

                log local0. "[IP::client_addr]:[TCP::client_port]: Scanned three values: pid = $pid, oid = $oid, rand = $rand"
                # Build the map with [list] so the scanned values are never re-parsed as list syntax
                HTTP::uri [string map [list "adserver/impression/pid=$pid/oid=$oid/rand=$rand/?click" "ad.imp?pid=$pid&oid=$oid&rand=$rand/?pclk"] [HTTP::uri]]
            }
        }
    }
    # Runs after the default-priority (500) event above, so it logs the URI after the rewrite
    when HTTP_REQUEST priority 501 {
        log local0. "[IP::client_addr]:[TCP::client_port]: 501: Updated URI: [HTTP::uri]"
    }
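
The scan-and-rewrite step, pulled into plain Tcl so it can be run under tclsh on constructed URIs. This is an added example, not code from the original thread; `rewrite_impression_uri` is a hypothetical helper name. It shows what scan returns for partial and unanchored matches, and why the replacement map is better built with `[list]` than as one quoted string when the values come from the request.

```tcl
# Added example: plain Tcl for tclsh, no BIG-IP commands. The proc name and
# every URI below are constructed for illustration.
proc rewrite_impression_uri {uri} {
    # scan is anchored at the start of the string and returns how many
    # conversions completed; %[^/] needs at least one non-slash character.
    set n [scan $uri {/adserver/impression/pid=%[^/]/oid=%[^/]/rand=%[^/]} pid oid rand]
    if {$n != 3} {
        # Partial or failed match: hand the URI back untouched.
        return [list $n $uri]
    }
    # [list] keeps each scanned value inside a single map element.
    set map [list \
        "adserver/impression/pid=$pid/oid=$oid/rand=$rand/?click" \
        "ad.imp?pid=$pid&oid=$oid&rand=$rand/?pclk"]
    return [list $n [string map $map $uri]]
}

set samples [list \
    "/adserver/impression/pid=12/oid=34/rand=5678/?click" \
    "/adserver/impression/pid=12/oid=34/?click" \
    "/adserver/impression/pid=/oid=34/rand=5678/?click" \
    "/x/adserver/impression/pid=12/oid=34/rand=5678/?click" \
    "/adserver/impression/pid=12/oid=34/rand=5678/other" \
    "/adserver/impression/pid=1 2/oid=34/rand=5678/?click"]

foreach uri $samples {
    lassign [rewrite_impression_uri $uri] n out
    puts [format "scan=%d  %s\n        -> %s" $n $uri $out]
}

# The same map written as one quoted string is re-parsed as a list, so the
# space in pid splits it into four elements and the wrong pairs get mapped.
set uri [lindex $samples end]
scan $uri {/adserver/impression/pid=%[^/]/oid=%[^/]/rand=%[^/]} pid oid rand
set quoted "adserver/impression/pid=$pid/oid=$oid/rand=$rand/?click ad.imp?pid=$pid&oid=$oid&rand=$rand/?pclk"
puts "quoted map elements: [llength $quoted]"
puts "quoted map result:   [string map $quoted $uri]"
```

The fourth sample passes a `contains "adserver/impression"` test but fails the scan, and the fifth scans all three values yet is left unchanged because the map key also requires the trailing `/?click`.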

There are your three examples for the week in an aggregate 60 lines or less (see what I did there?).  Hopefully you’re continuing to find these interesting to read. I’m definitely still enjoying putting them together and want to give yet another massive thanks to the amazing community as a whole and specifically Hoolio for the continued contributions.