What could you do with your code in 20 Lines or Less?

That's the question we like to ask from, for, and of (feel free to insert your favorite preposition here) the DevCentral community, and every time we do, we go looking to find cool new examples that show just how flexible and powerful iRules can be without getting in over your head. Thus was born the 20LoL (20 Lines or Less) series many moons ago. Over the years we've highlighted hundreds of iRules examples, all of which do downright cool things in less than 21 lines of code.

iRule to Stop SSLv3 Connections

https://devcentral.f5.com/articles/irule-to-stop-sslv3-connections

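This iRule is pertinent for protecting your back-end servers from POODLE attacks for SSL traffic delivered through, but not terminated on, the BIG-IP. It reads the first three bytes of the record header (record type and version) and rejects the connection when the version is 768 (0x0300, SSLv3) or lower. As usual, Jeff Costlow is all over these various SSL vulnerabilities.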

 

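when SERVER_CONNECTED {
  # Debug flag (set here, not read anywhere below)
  set Debug 1
  # Record type (1 byte) + protocol version (2 bytes)
  set Collect_Len 3
  TCP::collect $Collect_Len
}
when SERVER_DATA {
  set Buf_Len [TCP::offset]
  # Fewer than 3 bytes buffered so far: keep collecting the remainder
  if { $Buf_Len < 3 } {
    incr Collect_Len -$Buf_Len
    TCP::collect $Collect_Len
    return
  }
  # c = signed 8-bit record type, S = signed 16-bit big-endian version
  binary scan [TCP::payload] cS Rec_Type Version
  # 768 = 0x0300, the SSLv3 record version; TLS 1.0 is 769 (0x0301)
  if { $Version <= 768 } {
    log local0. "stop_ssl3: Rejecting SSL3 or lower connection attempt from [IP::client_addr]"
    reject
  } else {
    TCP::release
  }
}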
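
The version check above can be exercised off-box. The following Python model is an added example, not code from the original article or from F5: it mirrors the rule's three-byte collect and its signed binary scan comparison. The function names and the sample record headers are constructed for illustration.

```python
import struct

SSL3_VERSION = 0x0300  # 768, the threshold used in the iRule above
HEADER_PREFIX = 3      # record type (1 byte) + version (2 bytes)
NAMES = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0",
         0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def check_stream(segments):
    """Feed TCP segments in arrival order (hypothetical helper).

    Returns (action, version). action is 'reject', 'release', or
    'pending' when fewer than three bytes have arrived so far.
    """
    buf = b""
    for seg in segments:
        buf += seg
        if len(buf) < HEADER_PREFIX:
            continue  # same as the Buf_Len < 3 branch: collect more
        # Tcl "binary scan cS": signed 8-bit, then signed big-endian 16-bit
        _rec_type, version = struct.unpack(">bh", buf[:HEADER_PREFIX])
        action = "reject" if version <= SSL3_VERSION else "release"
        return (action, version)
    return ("pending", None)

def describe(version):
    """Human-readable name for a record version as the rule sees it."""
    return NAMES.get(version, "unknown (0x%04x)" % (version & 0xFFFF))

# Constructed sample data: handshake record headers (type 0x16), not captures.
SAMPLES = {
    "sslv3 header": [b"\x16\x03\x00\x00\x51"],
    "tls1.2 header": [b"\x16\x03\x03\x00\x51"],
    "sslv3, one byte per segment": [b"\x16", b"\x03", b"\x00"],
    "only two bytes so far": [b"\x16\x03"],
    # S is signed, so a version >= 0x8000 compares as negative: rejected
    "high bit set in version": [b"\x16\x83\x01"],
}

if __name__ == "__main__":
    for label, segs in SAMPLES.items():
        action, version = check_stream(segs)
        shown = describe(version) if version is not None else "-"
        print(f"{label:30} {action:8} {shown}")
```

Because the comparison is signed, any version field with the high bit set falls below 768 and is rejected, so the rule fails closed on such headers.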

 

Select Pool Based on Http Payload

https://devcentral.f5.com/questions/how-to-select-pool-based-on-http-payload-

This is slick. Sergio is taking POST data to select pools. Not sure if this is for a better level of service, or for heightened security screening, but a really useful scenario nonetheless. The astute among you will notice that there are 22 lines instead of 20. Well, Colin's rules don't count the lines wasted by a single bracket, so I'm just toeing the line here. Take it up with Colin!

 

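when HTTP_REQUEST {
	# Buffer the full request body for POSTs so it can be inspected
	if { ([HTTP::method] eq "POST") } {
		HTTP::collect [HTTP::header Content-Length]
	}
}
when HTTP_REQUEST_DATA {
	set decoded [decode_uri [HTTP::payload]] 
	# Locate the "idBiller" key in the decoded body
	set ini [string first "\"idBiller\"" $decoded]
	if { $ini != -1 } {
		# Take the text up to the next comma and split key from value on ":"
		set end [string first "," $decoded $ini]
		set value [string range $decoded $ini [expr {$end-1}]]
		set idBiller [lindex [split $value ":"] 1]
		# Route on the extracted value; anything else goes to Pool_YYY
		switch -exact $idBiller {
			11111111 {
				pool Pool_XXX
			}
			default {
				pool Pool_YYY
			}
		}
	}
}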

 

iRule Environment Variables

https://devcentral.f5.com/questions/irule-environment-variables-any

This might be a first, in that there isn't really an iRule featured here. But the concept is important, so I'm breaking rank. Jie asked about environment variables. THi weighed in with one, but here's the comprehensive list of tcl_platform options.

  • $static::tcl_platform(os)
  • $static::tcl_platform(osVersion)
  • $static::tcl_platform(tmmVersion)
  • $static::tcl_platform(byteOrder)
  • $static::tcl_platform(platform)
  • $static::tcl_platform(wordsize)
  • $static::tcl_platform(machine)
  • cpu

Another useful set of commands, not directly environment variables but system related, is in the TMM namespace.

  • TMM::cmp_cluster_primary
  • TMM::cmp_count 
  • TMM::cmp_group
  • TMM::cmp_unit

And that's a wrap! Super powered functionality featured in less than 60 lines of code.