Forum Discussion

Nimbostratus

Mar 09, 2011

iRule only runs once

I have a BigIP 3400 running BIG-IP 9.4.8 Build 355.0 Final. I am trying to do some payload replacement. I contacted tech support and they told me to ask here. I would have thought they would know ...

Nimbostratus

Mar 10, 2011

Hi,

You should be able to achieve this relatively easily using the STREAM::replace command. Have a look at the example below.


when HTTP_REQUEST {
 Collects the entire payload as per content lenght 
HTTP::collect [HTTP::header Content-Length]
}

when HTTP_REQUEST_DATA 
 Sets var to string 
set string_to_find [findstr [HTTP::payload] TAG  4 <]
log local0. "String $string_to_find identified in Request payload"
 Release payload
HTTP::release
}

when HTTP_RESPONSE {      
 Disable the stream filter by default      
    STREAM::disable       
 You can use strings or Regexs to match string (this one matches email addresses)
STREAM::expression {@[a-z0-9._%+-]+\@[a-z0-9.-]+\.[a-z]{2,6}@@}  
 Reenables the stream filter  
    STREAM::enable    
    }  

    when STREAM_MATCHED {    
 Sets data to replace
set data_to_replace "something"
     Replaces string with var    
STREAM::replace $data_to_replace   
    }

Cheers,

Claud

Forum Discussion

iRule only runs once

Recent Discussions

GTM Packet Capture command

Wildcard SSL Certificate Deployment on F5 LTM

Migration from i series 10200 with 1 child VCMP to r series 10900 series

Open Redirection Mitigation

How to Implement 2 Way SSL in F5 LTM

Related Content

Run AI LLMs Centrally and Protect API Inferencing with F5 Distributed Cloud API Security

Ansible - Running bash commands with bigip_command module - How it's done

Run Advanced Containers like OPSWAT Content Scrubbing Directly On F5 Distributed Cloud Nodes

Use F5 Distributed Cloud to Connect Apps Running in Multiple Clusters and Sites

Running F5 with managed Azure RedHat OpenShift