BIG-IP LTM v9.0.0

Commands Introduced in BIG-IP LTM 9.0.0

  • accumulate - Terminates iRule processing until more data is received.
  • active_members - Returns the number or list of active members in the specified pool.
  • active_nodes - Returns the alias for active members of the specified pool (for BIG-IP version 4.X compatibility).
  • AES::decrypt - Decrypt the data using the previously-created AES key.
  • AES::encrypt - Encrypt the data using the previously-created AES key.
  • AES::key - Creates an AES key to encrypt/decrypt data.
  • AUTH::abort - Cancels any outstanding auth operations in this authentication session.
  • AUTH::authenticate - Performs a new authentication operation.
  • AUTH::authenticate_continue - Continues an authentication operation.
  • AUTH::cert_credential - Sets the peer certificate credential to the value of a peer certificate for a future AUTH::authenticate call.
  • AUTH::cert_issuer_credential - Sets the peer certificate issuer credential to the value of for a future AUTH::authenticate call.
  • AUTH::last_event_session_id - Returns the session ID of the last auth event
  • AUTH::password_credential - Sets the password credential to the specified string for a future AUTH::authenticate call.
  • AUTH::ssl_cc_ldap_status - Returns the status from the last successful client certificate-based LDAP query.
  • AUTH::ssl_cc_ldap_username - Returns a user name that the system retrieved from the LDAP database.
  • AUTH::start - Initializes an authentication session.
  • AUTH::status - Returns authentication status.
  • AUTH::username_credential - Sets the username credential to a string. for a future AUTH::authenticate call.
  • AUTH::wantcredential_prompt - Returns a string for an authorization session authid’s credential prompt.
  • AUTH::wantcredential_prompt_style - Returns an authorization session authid’s credential prompt style.
  • AUTH::wantcredential_type - Returns an authorization session authid’s credential type
  • b64decode - Returns a string that is base-64 decoded
  • b64encode - Returns a string that is base-64 encoded. or if an error occurs. an empty string.
  • client_addr - Returns the client IP address of a connection.
  • client_port - Returns the TCP port number/service of the specified client.
  • clientside - Causes the specified iRule commands to be evaluated under the client-side context.
  • clone - Causes the system to clone traffic to the specified pool or pool member regardless of monitor status.
  • COMPRESS::buffer_size - Sets the compression buffer size.
  • COMPRESS::disable - Disables compression for the current HTTP response.
  • COMPRESS::enable - Enables compression for the current HTTP response.
  • COMPRESS::gzip - Sets HTTP data compression criteria.
  • COMPRESS::method - Specifies the preferred compression algorithm.
  • crc32 - Returns the crc32 checksum for the specified string.
  • decode_uri - Decodes the specified string using HTTP URI encoding.
  • discard - Causes the current packet or connection to be dropped/discarded. Same as the drop command.
  • domain - Parses the specified string as a dotted domain name and returns the last portions of the domain name.
  • drop - Causes the current packet or connection to be dropped/discarded. Same as the discard command.
  • event - Enables or disables evaluation of the specified iRule event. or all iRule events. on this connection.
  • findclass - Searches a data group list for a member that starts with a specified string and returns the data-group member string.
  • findstr - Finds a string within another string and returns the string starting at the offset specified from the match.
  • forward - Sets the connection to forward IP packets.
  • getfield - Splits a string on a character or string. and returns the string corresponding to the specific field.
  • HTTP::close - Closes the HTTP connection.
  • HTTP::collect - Collects an amount of HTTP body data that you specify.
  • HTTP::cookie - Queries for or manipulates cookies in HTTP requests and responses.
  • HTTP::fallback - Specifies or overrides a fallback host specified in the HTTP profile.
  • HTTP::header - Queries or modifies HTTP headers.
  • HTTP::host - Returns the value of the HTTP Host header
  • HTTP::is_keepalive - Returns a true value if this is a Keep-Alive connection.
  • HTTP::method - Returns the type of HTTP request method.
  • HTTP::password - Returns the password part of HTTP basic authentication.
  • HTTP::path - Returns or sets the path part of the HTTP request.
  • HTTP::payload - Queries for or manipulates HTTP payload information.
  • HTTP::query - Returns the query part of the HTTP request.
  • HTTP::redirect - Redirects an HTTP request or response to the specified URL.
  • HTTP::release - Releases the data collected via HTTP::collect.
  • HTTP::request_num - Returns the number of HTTP requests that a client made on the connection.
  • HTTP::respond - Generates a response to the client as if it came from the server.
  • HTTP::status - Returns the response status code.
  • HTTP::uri - Returns or sets the URI part of the HTTP request.
  • HTTP::username - Returns the username part of HTTP basic authentication.
  • HTTP::version - Returns or sets the HTTP version of the request or response.
  • http_cookie - Specifies the value in the Cookie: header.
  • http_header - Evaluates the string following an HTTP header tag that you specify.
  • http_host - Specifies the value in the Host: header of the HTTP request.
  • http_method - Specifies the action of the HTTP request.
  • http_uri - Specifies a URI.
  • http_version - Specifies the HTTP protocol version.
  • imid - Returns an i-mode identifier string.
  • IP::addr - Performs comparison of IP address/subnet/supernet to IP address/subnet/supernet. or parses 4 binary bytes into an IPv4 dotted quad address.
  • IP::client_addr - Returns the client IP address of a connection
  • IP::idle_timeout - Returns or sets the idle timeout value.
  • IP::local_addr - Returns the IP address of the virtual server the client is connected to or the self-ip LTM is connected from.
  • IP::protocol - Returns the IP protocol value.
  • IP::remote_addr - Returns the IP address of the host on the far end of the connection.
  • IP::server_addr - Returns the server’s IP address.
  • IP::stats - Supplies information about the number of packets or bytes being sent or received in a given connection.
  • IP::tos - Returns the ToS value encoded within a packet.
  • ip_protocol - Returns the IP protocol value.
  • ip_tos - Returns the ToS level of a packet.
  • LB::command - To be completed
  • LB::detach - Disconnects the server side connection
  • LB::mode - Sets the load balancing mode
  • LB::persist - Forces a persistence record lookup and returns the result
  • LB::reselect - Selects the next available member in the current pool, based on pool Load Balancing options
  • LB::server - Returns information about the currently selected server
  • LINK::qos - Returns the QoS level set on the packet.
  • LINK::vlan_id - Returns the VLAN tag of the packet.
  • link_qos - Returns the QoS level.
  • listen - Sets up a related ephemeral listener to allow an incoming related connection to be established.
  • local_addr - Deprecated: Use IP::local_addr instead
  • log - Generates and logs a message to the syslog-ng utility.
  • matchclass - Performs comparison against the contents of data group.
  • matchregion - Returns true/false if specified region is matched.
  • md5 - Returns the RSA MD5 Message Digest Algorithm message digest of the specified string.
  • NAME::lookup - Performs DNS query for A or PTR record corresponding to a hostname or IP address
  • NAME::response - Returns a list of records received in response to a DNS query
  • node - Sends the packet directly to the identified server node.
  • ONECONNECT::detach - Detaches server-side OneConnect connections.
  • ONECONNECT::reuse - Controls server-side connection reuse
  • peer - Causes the specified iRule commands to be evaluated under the peer’s (opposite) context.
  • persist - Causes the system to use the named persistence type to persist the connection.
  • pool - Causes the system to load balance traffic to the specified pool or pool member regardless of monitor status.
  • priority - The priority command is used to set the order that like iRule events are executed.
  • PROFILE::auth - Returns the value of an authentication profile setting.
  • PROFILE::fastL4 - Returns the value of a Fast L4 profile setting.
  • PROFILE::ftp - Returns the value of an FTP profile setting.
  • PROFILE::http - Returns the value of an HTTP profile setting.
  • PROFILE::oneconnect - Returns the value of a Oneconnect profile setting.
  • PROFILE::persist - Returns the value of a persistence profile setting.
  • PROFILE::stream - Returns the value of a Stream profile setting.
  • PROFILE::tcp - Returns the value of a TCP profile setting.
  • PROFILE::udp - Returns the value of a UDP profile setting.
  • rateclass - Causes the system to select the specified rate class to use when transmitting packets.
  • redirect - Redirects an HTTP request to a specific location.
  • reject - Causes the connection to be rejected.
  • relate_client - Sets up a related established connection.
  • relate_server - Sets up a related established connection.
  • remote_addr - Deprecated: Use IP::remote_addr instead
  • return - Causes immediate exit from the currently executing event in the currently executing iRule.
  • ROUTE::age - The age of the route metrics in seconds.
  • ROUTE::bandwidth - The average of the bandwidth estimates for TCP connections.
  • ROUTE::rtt - The average smoothed round-trip time for TCP connections.
  • ROUTE::rttvar - The average variance in smoothed round-trip times for TCP connections.
  • server_addr - Returns the IP address of the server.
  • server_port - Returns the TCP port/service number of the specified server.
  • serverside - Causes the specified iRule command to be evaluated under the server-side context.
  • session - Utilizes the persistence table to store arbitrary information based on the same keys as persistence.
  • sha1 - Returns the SHA version 1.0 message digest of the specified string.
  • snat - Causes the LTM system to assign the specified translation address to the current connection.
  • snatpool - Causes the specified pool of addresses to be used as translation addresses to create a SNAT.
  • SSL::authenticate - Overrides the current setting for authentication frequency or for the maximum depth of certificate chain traversal.
  • SSL::cert - Returns X509 SSL certificate data.
  • SSL::cipher - Returns SSL cipher information.
  • SSL::disable - Disables SSL processing.
  • SSL::enable - Re-enables SSL processing.
  • SSL::handshake - Halts or resumes SSL activity.
  • SSL::mode - Gets the enabled/disabled state of SSL
  • SSL::modssl_sessionid_headers - Returns a list of fields for HTTP headers
  • SSL::renegotiate - Controls renegotiation of an SSL connection.
  • SSL::sessionid - Gets the SSL session ID.
  • SSL::unclean_shutdown - Sets the value of the Unclean Shutdown setting.
  • SSL::verify_result - Gets or sets the result code for peer certificate verification.
  • STREAM::replace - Changes a replacement string in the Stream profile.
  • substr - A custom iRule function which returns a substring from a string
  • TCP::client_port - Returns the remote TCP port/service number of the clientside TCP connection.
  • TCP::close - Closes the TCP connection.
  • TCP::collect - Collects the specified amount of content data.
  • TCP::local_port - Returns the local TCP port/service number of a TCP connection.
  • TCP::mss - Returns the on-wire Maximum Segment Size (MSS) for a TCP connection.
  • TCP::notify - Causes the USER_REQUEST or USER_RESPONSE event to be raised.
  • TCP::offset - Returns the number of bytes currently held in memory via TCP::collect.
  • TCP::payload - Returns or replaces TCP data content.
  • TCP::release - Releases and flushes collected data. and resumes processing.
  • TCP::remote_port - Returns the remote TCP port/service number of a TCP connection.
  • TCP::respond - Sends the specified data directly to the peer.
  • TCP::rtt - Returns the smoothed round-trip time estimate for a TCP connection.
  • TCP::server_port - Returns the remote TCP port/service number of the serverside TCP connection.
  • TCP::unused_port - Returns an unused TCP port for the specified IP tuple.
  • UDP::client_port - Returns the UDP port/service number of a client system.
  • UDP::drop - Drops the current UDP packet without removing the flow from the connection table
  • UDP::local_port - Returns the local UDP port/service number.
  • UDP::mss - Returns the on-wire Maximum Segment Size (MSS) for a UDP connection.
  • UDP::payload - Returns the content or length of the current UDP payload.
  • UDP::remote_port - Returns the remote UDP port/service number.
  • UDP::server_port - Returns the UDP port/service number of a server system.
  • UDP::unused_port - Returns an unused UDP port for the specified IP tuple.
  • URI::basename - Extracts the basename part of a given uri string.
  • URI::compare - Compares two URI’s for equality.
  • URI::decode - Returns a decoded version of a given URI.
  • URI::encode - Returns an encoded version of a given URI.
  • URI::host - Returns the host portion of a given URI.
  • URI::port - Returns the host port from the given URI.
  • URI::protocol - Returns the protocol of the given URI.
  • URI::query - Returns the query string portion of the given URI or the value of a query string parameter.
  • use - A BIG-IP 4.X statement. provided for backward-compatibility.
  • virtual - Return the name of the associated virtual server or selects another virtual server.
  • vlan_id - Returns the VLAN tag of the packet.
  • when - Used to specify an event in an iRule.
  • X509::cert_fields - Returns a list of X509 certificate fields to be added to HTTP headers for ModSSL behavior.
  • X509::extensions - Returns the X509 extensions set on an X509 certificate.
  • X509::hash - Returns the MD5 hash (fingerprint) of an X509 certificate.
  • X509::issuer - Returns the issuer of an X509 certificate.
  • X509::not_valid_after - Returns the not-valid-after date of an X509 certificate.
  • X509::not_valid_before - Returns the not-valid-before date of an X509 certificate.
  • X509::serial_number - Returns the serial number of an X509 certificate.
  • X509::signature_algorithm - Returns the signature algorithm of an X509 certificate.
  • X509::subject - Returns the subject of an X509 certificate.
  • X509::subject_public_key - Returns the subject’s public key of an X509 certificate.
  • X509::subject_public_key_RSA_bits - Returns the size of the subject’s public RSA key of an X509 certificate.
  • X509::subject_public_key_type - Returns the subject’s public key type of an X509 certificate.
  • X509::verify_cert_error_string - Returns an X509 certificate error string.
  • X509::version - Returns the version number of an X509 certificate.
  • X509::whole - Returns an X509 certificate in PEM format.

Events Introduced in BIG-IP LTM 9.0.0

  • AUTH_ERROR - Triggered when an error occurs during authorization (deprecated in 9.4).
  • AUTH_FAILURE - Triggered when an unsuccessful authorization operation is completed (deprecated in 9.4).
  • AUTH_SUCCESS - Triggered when a successful authorization has completed all required authentication services (deprecated in 9.4).
  • AUTH_WANTCREDENTIAL - Triggered when an authorization operation needs an additional credential (deprecated in 9.4).
  • CLIENT_ACCEPTED - Triggered when a client has established a connection.
  • CLIENT_CLOSED - This event is fired at the end of any client connection. regardless of protocol.
  • CLIENT_DATA - Triggered each time new data is received from the client while the connection is in “collect” state.
  • CLIENTSSL_CLIENTCERT - Triggered when the system adds an SSL client certificate to the client certificate chain.
  • CLIENTSSL_HANDSHAKE - Triggered when a client-side SSL handshake is completed.
  • HTTP_REQUEST - Triggered when the system fully parses the complete client HTTP request headers.
  • HTTP_REQUEST_DATA - Triggered when an HTTP::collect command has collected the specified amount of request data.
  • HTTP_RESPONSE - Triggered when the system parses all of the response status and header lines from the server response.
  • HTTP_RESPONSE_CONTINUE - Triggered whenever the system receives a 100 Continue response from the server.
  • HTTP_RESPONSE_DATA - Triggered when an HTTP::collect command has collected the specified amount of response data.
  • LB_FAILED - Triggered when the system fails to select a pool or a pool member. or when a selected resource is unreachable.
  • LB_SELECTED - Triggered when the system selects a pool member.
  • NAME_RESOLVED - Triggered after a NAME::lookup command has been issued and a response has been received.
  • RULE_INIT - Triggered when an iRule is added or is modified.
  • SERVER_CLOSED - This event is triggered when the server side connection closes.
  • SERVER_CONNECTED - Triggered when a connection has been established with the target node.
  • SERVER_DATA - Triggered when new data is received from the target node after TCP::collect command has been issued.
  • SERVERSSL_HANDSHAKE - Triggered when a server-side SSL handshake is completed.
  • USER_REQUEST - triggered by command TCP::notify request.
  • USER_RESPONSE - Triggered by command TCP::notify response

Operators Introduced in BIG-IP LTM 9.0.0

  • and - Performs a logical “and” comparison between two values.
  • contains - Tests if one string contains another string.
  • ends_with - Tests if one string ends with another string.
  • equals - Tests if one string equals another string.
  • matches_regex - Tests if one string matches a regular expression.
  • not - Performs a logical “not” on a value.
  • or - Performs a logical “or” comparison between two values.
  • starts_with - Tests if one string starts_with another string

Commands Deprecated or Removed in BIG-IP LTM 9.0.0

  • local_addr - Deprecated: Use IP::local_addr instead
  • remote_addr - Deprecated: Use IP::remote_addr instead

Events Deprecated or Removed in BIG-IP LTM 9.0.0


Operators Deprecated or Removed in BIG-IP LTM 9.0.0

The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.