Forum Discussion
I'll take it right from the iRules wiki page:
An iRule is a powerful and flexible feature within the BIG-IP® local traffic management (LTM) system that you can use to manage your network traffic. The iRulesTM feature not only allows you to select pools based on header data, but also allows you to direct traffic by searching on any type of content data that you define. Thus, the iRules feature significantly enhances your ability to customize your content switching to suit your exact needs.
In other words, an iRule is a packet-level programming API that allows you to control every aspect of client-server communications, and at wire-speed. An iRule can see and touch every bit between OSI layers 4 and 7 (and to some degree layer 3 as well), in any direction, and within any layer 4+ protocol. This capability allows the BIG-IP to not only route traffic (requests and responses) based on environmental criteria (request context, response data), but also re-route, rewrite, add, and remove protocol data in some very intelligent ways.
You can, for instance, route requests to different servers based on the URI or a cookie value. You can, for example, retry a different server if the chosen server returns a bad response, or completely rewrite the response. You can, for instance, request a client certificate, validate it, and then send formatted x509 data to a server as part of a more elaborate authentication mechanism. And you can, for example, create an entire web server with iRules, complete with images, JavaScript, and server side processing. There are many more examples of these capabilities, as this forum illustrates, and the possibilities are practically limitless.