We all understand the lines in the sand (or the architectural diagram) that separate client-side scripting from server-side scripting. It's very clear that client-side scripting, e.g. JavaScript, VBScript, ActionScript, executes on the client while server-side scripting, e.g. PHP, ASP, executes on the server. But what about network-side scripting?

"There is no such thing!" might be the first response to this question, but I beg to disagree. Programmable proxies, a la F5's BIG-IP Local Traffic Manager, that provide a scripting language such as iRules, are simultaneously client-side and server-side, with the best definition to describe their placement in architectures being network-side scripting.

That's because the scripting, which is not different at all from client or server side scripting, executes in the network rather than on the client or the server. It has a view of both the client and the server and the data being exchanged between them because of its unique placement in the communication channel.


Network-side scripting essentially gives you a view of both client and server environments simultaneously, and in a single, unified location.

For example, network-side scripting can react to server-focused data like HTTP responses, cookies, and session information while simultaneously taking into consideration client-side information - HTTP requests, cookies, submitted data, and even the network conditions currently being experienced by that specific client. Because a programmable proxy is by necessity a full proxy, it is both client (to your application) and server (to the browser/customer) and can view all interactions between the two as a cohesive unit rather than as disconnected pieces of data.

[Edited to include an example, thanks to a suggestion from Bob in the comments!]

Here's an example of Cookie encryption that uses network-side scripting. The entire script runs in the network (on the proxy) but we've split the code into "client" and "server" side to show how network-side scripting can deal with both sides of the equation. There is additional script that executes when the rule is first initialized. You can check it out in the article that is the source for this code.

"Client side" "Server side"
# If the error cookie exists with any value, for any requested object, try to decrypt it
if {[string length [HTTP::cookie value $::cookie]]}{

if {$::cookie_encryption_debug}{log local0. \
"Original error cookie value: [HTTP::cookie value $::cookie]"}

# URI decode the value (catching any errors that occur when trying to
# decode the cookie value and save the output to cookie_uri_decoded)
if {not ([catch {URI::decode [HTTP::cookie value $::cookie]} cookie_uri_decoded])}{

# Log that the cookie was URI decoded
if {$::cookie_encryption_debug}{log local0. "\$cookie_uri_decoded was set successfully"}

# Decrypt the value
if {not ([catch {AES::decrypt $::aes_key $cookie_uri_decoded} cookie_decrypted])}{

# Log the decrypted cookie value
if {$::cookie_encryption_debug}{log local0. "\$cookie_decrypted: $cookie_decrypted"}
} else {

# URI decoded value couldn't be decrypted.
} else {
# Cookie value couldn't be URI decoded
} else {
# Cookie wasn't present in the request
Comments on this Article
Comment made 31-Oct-2008 by Lori MacVittie

Thanks for the suggestion. You are absolutely right; I've edited the post to include a code example to illustrate how network-scripting works.

Comment made 11-Dec-2008 by Lori MacVittie
9 ways to use network-side scripting to architect faster, scalable, more secure applications
Comment made 05-Jan-2009 by Lori MacVittie
Stop brute force listing of HTTP OPTIONS with network-side scripting
Comment made 31-Mar-2009 by Lori MacVittie
How to recoup the costs associated with long URLs and variable names
Comment made 02-Nov-2009 by Lori MacVittie
Using Network-Side Scripting to Convert Microsoft Smart Quotes to HTML Entities
Comment made 15-Sep-2014 by whswhswhs124 19