Forum Discussion

SanjayP
Jan 09, 2014

iRule not effective for existing connections

We have an iRule for a server maintenance window, where it will allow only GET requests and block all other requests. This works after applying the iRule to all VIPs. But whoever is already logged in to the webpage can do POST operations. (may be existing connections???) Is this default behavior where the iRule will not come into effect for existing connections? How can I differentiate, using Wireshark, that it is indeed an existing connection from before applying the iRule that is making the POST request? What parameters should I check to confirm this?


4 Replies

  • thibino_36264
    Historic F5 Account

    So far as I understand, not only iRules but most configuration changes will not affect existing connections. I do not know how to identify this using Wireshark, but checking the connection table will help: show /sys connection all-properties
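    To answer the Wireshark part of the question, the test is whether the connection carrying the POST was set up (its SYN) before the iRule went live, or whether it is a new connection that should have hit the iRule. The script below is an added example, not something posted in this thread or part of any F5 tool; it takes tab-separated tshark field output (frame.time_epoch, tcp.stream, tcp.flags.syn, tcp.flags.ack, http.request.method) and classifies every non-GET request seen after the change time. The sample lines and the cutoff timestamp are constructed, and the assumption that tshark prints boolean flags as 1/0 or True/False is handled in the parser.

```python
"""Classify non-GET requests in a capture by whether their TCP connection
pre-dates a config change (for example, the moment a maintenance iRule was
applied to the virtual server)."""

from collections import namedtuple

# Input format (assumption): the output of
#   tshark -r capture.pcap -T fields -E separator=/t \
#       -e frame.time_epoch -e tcp.stream -e tcp.flags.syn \
#       -e tcp.flags.ack -e http.request.method
# Constructed sample output, in time order. Stream 0 starts before the change,
# stream 1 starts after it, stream 2 has no SYN in the capture at all.
SAMPLE_TSHARK_OUTPUT = """\
1389254000.100\t0\t1\t0\t
1389254000.101\t0\t1\t1\t
1389254000.102\t0\t0\t1\t
1389254005.000\t0\t0\t1\tGET
1389254120.000\t1\t1\t0\t
1389254120.001\t1\t1\t1\t
1389254125.000\t1\t0\t1\tGET
1389254130.000\t0\t0\t1\tPOST
1389254131.000\t1\t0\t1\tPOST
1389254140.000\t2\t0\t1\tPOST
"""

# Constructed: epoch time at which the maintenance iRule was applied.
IRULE_APPLIED_AT = 1389254100.0

Frame = namedtuple("Frame", "time stream syn ack method")


def _flag(value):
    # tshark prints boolean fields as "1"/"0" or "True"/"False" depending on version.
    return value.strip() in ("1", "True", "TRUE")


def parse_frames(text):
    """Parse tshark field lines into Frame records; blank lines are skipped."""
    frames = []
    for line in text.splitlines():
        if not line.strip():
            continue
        t, stream, syn, ack, method = line.split("\t")
        frames.append(Frame(float(t), int(stream), _flag(syn), _flag(ack),
                            method.strip() or None))
    return frames


def classify_requests(frames, cutoff):
    """Return (stream, method, time, verdict) for each non-GET request after cutoff.

    verdict is "existing-connection" when the stream's client SYN is earlier than
    cutoff or not in the capture (connection older than the capture), and
    "new-connection" when the SYN is after cutoff, i.e. the iRule should have
    refused the request."""
    syn_time = {}
    for f in frames:
        # Client SYN is SYN without ACK; keep the first one per stream.
        if f.syn and not f.ack and f.stream not in syn_time:
            syn_time[f.stream] = f.time

    results = []
    for f in frames:
        if f.method is None or f.method == "GET" or f.time < cutoff:
            continue
        start = syn_time.get(f.stream)
        if start is None or start < cutoff:
            verdict = "existing-connection"
        else:
            verdict = "new-connection"
        results.append((f.stream, f.method, f.time, verdict))
    return results


if __name__ == "__main__":
    for stream, method, when, verdict in classify_requests(
            parse_frames(SAMPLE_TSHARK_OUTPUT), IRULE_APPLIED_AT):
        print(f"tcp.stream {stream}: {method} at {when:.3f} -> {verdict}")
```

    Any "new-connection" verdict means a non-GET request got through on a connection opened after the iRule was in place, which is the case worth investigating; "existing-connection" verdicts are the expected behaviour thibino describes. In Wireshark itself the same check is the filter `tcp.stream == N && tcp.flags.syn == 1 && tcp.flags.ack == 0` and comparing that frame's time against the change time.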


  • thibino is correct that iRule changes only take effect on new connections.

    You could leave the iRule enabled at all times, but use a data group to store an on|off value. The iRule would use the class command to check the data group key to see if non-GET requests should be blocked.

    https://devcentral.f5.com/wiki/iRules.class.ashx

    when HTTP_REQUEST {
        # Check if the maintenance key is set to "on" in the maint_dg datagroup
        if {[class lookup "maintenance" maint_dg] eq "on"} {

            # Check if this is not a GET request
            if {not ([HTTP::method] eq "GET")} {

                # Send an HTTP response with cache control headers set to not cache the response,
                # and close the connection so the client does not reuse it
                HTTP::respond 200 content {Please retry your request later.  Maintenance!} Connection Close Cache-Control No-Cache Pragma No-Cache
            }
        }
    }
    

    Aaron

  • thibino_36264
    Historic F5 Account

    Or, if we can identify the client IP address to check, we can filter the connection table output using | grep


  • I think you want to use a OneConnect profile. Without it, existing connections will not be affected by changes in iRules.

    http://support.f5.com/kb/en-us/solutions/public/7000/200/sol7208.html

    Content Switching

    When a OneConnect profile is enabled for an HTTP virtual server, and an HTTP client sends multiple requests within a single connection, the BIG-IP system is able to process each HTTP request individually. The BIG-IP system sends the HTTP requests to different destination servers as determined by the load balancing method. Without a OneConnect profile enabled for the virtual server, the BIG-IP system performs load-balancing only once for each TCP connection.