Master List of iRule Events
ACCESS
- ACCESS_ACL_ALLOWED - This event is triggered when a resource request passes the access control criteria and is allowed to go through the ACCESS filter. This event is only triggered for the resource requests and …
- ACCESS_ACL_DENIED - This event is triggered when a resource request fails to meet the access control criteria and is denied access.
- ACCESS_PER_REQUEST_AGENT_EVENT - allows an admin to execute iRule logic (inside TMM) at a desired point in the per-request access policy execution
- ACCESS_POLICY_AGENT_EVENT - This event provides glue between iRule execution and access policy execution.
- ACCESS_POLICY_COMPLETED - This event is triggered when the access policy execution completes for a user session.
- ACCESS_SAML_ASSERTION - triggered when the SAML assertion payload is generated for a user session.
- ACCESS_SAML_AUTHN - triggered when the SAML authentication request payload is generated for a user session.
- ACCESS_SAML_SLO_REQ - triggered when the SAML single logout request payload is generated for a user session.
- ACCESS_SAML_SLO_RESP - triggered when the SAML single logout response payload is generated for a user session
- ACCESS_SESSION_CLOSED - This event is triggered when a user session is removed due to a user logging out explicitly, timeout or if terminated explicitly by admin.
- ACCESS_SESSION_STARTED - This event is triggered when a new user session is created. This is triggered after creating the session context and initial session variables related to user’s source IP, browser capabiliti…
- ACCESS2_POLICY_EXPRESSION_EVAL - triggered when per-request policy branch expressions are evaluated
ADAPT
- ADAPT_REQUEST_HEADERS - raised as soon as any HTTP request headers have been returned from the IVS
- ADAPT_REQUEST_RESULT - raised after the internal virtual server returns the result of the request modification but before the potentially modified request or the original request is passed on for other processing.
- ADAPT_RESPONSE_HEADERS - raised as soon as any HTTP response headers have been returned from the IVS
- ADAPT_RESPONSE_RESULT - raised after the internal virtual server returns the result of the response modification but before the potentially modified response or the original response is passed on for other processing.
ANTIFRAUD
- ANTIFRAUD_ALERT - Raised when an alert is received or generated
- ANTIFRAUD_LOGIN - login event
APM
- ACCESS_ACL_ALLOWED - This event is triggered when a resource request passes the access control criteria and is allowed to go through the ACCESS filter. This event is only triggered for the resource requests and …
- ACCESS_ACL_DENIED - This event is triggered when a resource request fails to meet the access control criteria and is denied access.
- ACCESS_POLICY_AGENT_EVENT - This event provides glue between iRule execution and access policy execution.
- ACCESS_POLICY_COMPLETED - This event is triggered when the access policy execution completes for a user session.
- ACCESS_SESSION_CLOSED - This event is triggered when a user session is removed due to a user logging out explicitly, timeout or if terminated explicitly by admin.
- ACCESS_SESSION_STARTED - This event is triggered when a new user session is created. This is triggered after creating the session context and initial session variables related to user’s source IP, browser capabiliti…
ASM
- ASM_REQUEST_BLOCKING - Triggered when ASM is generating the reject-response and gives the iRule a chance to modify that reject-response before it is sent.
- ASM_REQUEST_DONE - triggered after ASM finished processing the request and found all violations of the ASM policy
- ASM_REQUEST_VIOLATION - Triggered when ASM detects that a request violates an ASM security policy.
- ASM_RESPONSE_VIOLATION - Triggered when ASM detects that a response violates an ASM security policy.
- IN_DOSL7_ATTACK - Triggered when ASM detects that a request violates an ASM security policy for Denial of Service attacks
AUTH
- AUTH_ERROR - Triggered when an error occurs during authorization (deprecated in 9.4).
- AUTH_FAILURE - Triggered when an unsuccessful authorization operation is completed (deprecated in 9.4).
- AUTH_RESULT - Replaces AUTH_SUCCESS, AUTH_FAILURE, AUTH_ERROR, and AUTH_WANTCREDENTIAL events.
- AUTH_SUCCESS - Triggered when a successful authorization has completed all required authentication services (deprecated in 9.4).
- AUTH_WANTCREDENTIAL - Triggered when an authorization operation needs an additional credential (deprecated in 9.4).
AVR
- AVR_CSPM_INJECTION - Triggered when the AVR profile is about to insert a CSPM javascript
BOTDEFENSE
- BOTDEFENSE_ACTION - Triggered immediately prior to taking an action on a transaction
- BOTDEFENSE_REQUEST - Triggered on an HTTP request (before the payload), after Bot Defense finished processing the request, but before a decision is made on a possible action
CACHE
- CACHE_REQUEST - Triggered when the system receives a request for a cached object.
- CACHE_RESPONSE - Triggered immediately prior to sending a cache response.
- CACHE_UPDATE - In Progress - Add Summary Here
CATEGORY
- CATEGORY_MATCHED - triggered when a custom category match (or prefix match) is found
CLASSIFICATION
- CLASSIFICATION_DETECTED - triggered when a flow is classified
CONNECTOR
- CONNECTOR_OPEN - Triggered when the connector is about to raise the service connect.
DIAMETER
- DIAMETER_INGRESS - triggered when the system receives a DIAMETER message
- DIAMETER_RETRANSMISSION - triggered when the system generates a retransmitted DIAMETER request or a DIAMETER answer message
- DIAMETER_EGRESS - triggered when the system is ready to send a DIAMETER message
DNS
- DNS_REQUEST - Triggered when the system receives a DNS request.
- DNS_RESPONSE - Triggered when the system responds to a DNS request.
DOSL7
- IN_DOSL7_ATTACK - Triggered when ASM detects that a request violates an ASM security policy for Denial of Service attacks
ECA
- ECA_REQUEST_ALLOWED - fired when ECA plugin successfully authenticates
- ECA_REQUEST_DENIED - fired only when ECA plugin fails
FIX
- FIX_HEADER - Triggered when the system finishes parsing a new FIX header
- FIX_MESSAGE - Triggered when the system finishes parsing a new FIX message.
GENERICMESSAGE
- GENERICMESSAGE_EGRESS - raised when a message is received from the proxy
- GENERICMESSAGE_INGRESS - raised when a message is received by the generic message filter
GLOBAL
- EPI_NA_CHECK_HTTP_REQUEST - triggered when a special HTTP request comes in
- FLOW_INIT - triggered (once for TCP and unique UDP/IP flows) after packet filters
- LB_FAILED - Triggered when the system fails to select a pool or a pool member, or when a selected resource is unreachable.
- LB_SELECTED - Triggered when the system selects a pool member.
- NAME_RESOLVED - Triggered after a NAME::lookup command has been issued and a response has been received.
- PERSIST_DOWN - Triggered when persistence dictates that a connection would be sent to a pool or a pool member or node which has been marked down.
- PING_REQUEST_READY - triggered when TMM has assembled an HTTP request to PingAccess policy server
- PING_RESPONSE_READY - triggered when TMM has received an HTTP response from PingAccess policy server
- RULE_INIT - Triggered when an iRule is added or is modified.
- SA_PICKED - triggered after source translation is completed.
- SERVER_INIT - triggered when BIG-IP has been configured to collect options and serverside TCP SYN is sent
GTM
- DNS_REQUEST - Triggered when the system receives a DNS request.
- DNS_RESPONSE - Triggered when the system responds to a DNS request.
- LB_FAILED - Triggered when the system fails to select a pool or a pool member, or when a selected resource is unreachable.
- LB_SELECTED - Triggered when the system selects a pool member.
- RULE_INIT - Triggered when an iRule is added or is modified.
GTP
- GTP_GPDU_EGRESS - Triggered for a message that has GTP message-type = 255 on the connection that forwards/egresses the message.
- GTP_GPDU_INGRESS - Triggered for a message that has GTP message-type = 255 on the connection that accepted the message.
- GTP_PRIME_EGRESS - Triggered only for GTP prime messages for revision 1 on the connection that forwards/egresses the message.
- GTP_PRIME_INGRESS - Triggered only for GTP prime messages for revision 1 on the connection that accepted the message.
- GTP_SIGNALLING_EGRESS - Triggered for any GTP-message except G-PDU on the connection that forwards/egresses the message.
- GTP_SIGNALLING_INGRESS - Triggered for any GTP-message except G-PDU on the connection that accepted the message
HTML
- HTML_COMMENT_MATCHED - is raised when an HTML comment is encountered.
- HTML_TAG_MATCHED - is raised when an HTML tag is encountered.
HTTP
- HTTP_CLASS_FAILED - Triggered when an HTTP request is made to a virtual server with at least one HTTP class configured, and the request does not match the filters of any HTTP class.
- HTTP_CLASS_SELECTED - Triggered when an HTTP request matches an HTTP class.
- HTTP_DISABLED - triggered when HTTP is disabled
- HTTP_PROXY_CONNECT - triggered when proxy chaining is in use via the HTTP_PROXY_CONNECT profile
- HTTP_PROXY_REQUEST - Triggered when a virtual server has proxy-mode explicit
- HTTP_PROXY_RESPONSE - triggered when the response from the remote HTTP proxy is received
- HTTP_REJECT - triggered when HTTP aborts the connection
- HTTP_REQUEST - Triggered when the system fully parses the complete client HTTP request headers.
- HTTP_REQUEST_DATA - Triggered when an HTTP::collect command has collected the specified amount of request data.
- HTTP_REQUEST_SEND - Triggered immediately before an HTTP request is sent to the server-side TCP stack.
- HTTP_RESPONSE - Triggered when the system parses all of the response status and header lines from the server response.
- HTTP_RESPONSE_CONTINUE - Triggered whenever the system receives a 100 Continue response from the server.
- HTTP_RESPONSE_DATA - Triggered when an HTTP::collect command has collected the specified amount of response data.
- HTTP_REQUEST_RELEASE - Triggered when the system is about to release HTTP data on the serverside of the connection.
- HTTP_RESPONSE_RELEASE - Triggered when the system is about to release HTTP data on the clientside of the connection.
ICAP
- ICAP_REQUEST - raised after an ICAP command has been created but before it has been sent to an ICAP server
- ICAP_RESPONSE - raised after an ICAP response has been processed but before the result is sent back to the HTTP adaptation virtual server
IP
- CLIENT_ACCEPTED - Triggered when a client has established a connection.
- CLIENT_CLOSED - This event is fired at the end of any client connection, regardless of protocol.
- CLIENT_DATA - Triggered each time new data is received from the client while the connection is in “collect” state.
- CLIENTSSL_DATA - Triggered each time new SSL data is received from the client while the connection is in “collect” state.
- SERVER_CLOSED - This event is triggered when the server side connection closes.
- SERVER_CONNECTED - Triggered when a connection has been established with the target node.
- SERVER_DATA - Triggered when new data is received from the target node after TCP::collect command has been issued.
- SERVERSSL_DATA - Triggered when new SSL data is received from the target node after SSL::collect command has been issued.
IVS
- IVS_ENTRY_REQUEST - The internal virtual server has received a request from the parent virtual server (client side).
- IVS_ENTRY_RESPONSE - The internal virtual server has received a response from the parent virtual server
L7CHECK
- L7CHECK_CLIENT_DATA - triggered each time new ingress data is received from client
- L7CHECK_SERVER_DATA - triggered each time new ingress data is received from server
LB
- LB::class - Provides the name of the traffic class that matched the connection
- LB_FAILED - Triggered when the system fails to select a pool or a pool member, or when a selected resource is unreachable.
- LB_SELECTED - Triggered when the system selects a pool member.
- LB_QUEUED - serverside event triggered when a connection limit is hit at the pool or pool member level.
MQTT
- MQTT_CLIENT_DATA - triggers when a prior MQTT::collect command finishes
- MQTT_CLIENT_EGRESS - triggered when an MQTT message is sent to client-side
- MQTT_CLIENT_INGRESS - triggers when an MQTT message is received from client-side
- MQTT_CLIENT_SHUTDOWN - triggered when MQTT client closes TCP connection
- MQTT_SERVER_DATA - triggers when server-side payload data collection invoked using MQTT::collect finishes
- MQTT_SERVER_EGRESS - triggered when an MQTT message is sent to server-side
- MQTT_SERVER_INGRESS - triggers when an MQTT message is received from server-side
MR
- MR_EGRESS - raised after the route has been selected and processed and the message is delivered to the mr_proxy
- MR_INGRESS - raised when a message is received by the message proxy and before a route lookup occurs
- MR_FAILED - raised when a message has been returned to the originating flow due to a routing failure
NAME Deprecated
- NAME_RESOLVED - Triggered after a NAME::lookup command has been issued and a response has been received.
PCP
- PCP_REQUEST - triggered on receipt of a valid PCP request from a client
- PCP_RESPONSE - Triggered when a PCP response, successful or not, is returned to the client.
PEM
- PEM_POLICY - This event only works with PEM iRule
QOE
- QOE_PARSE_DONE - triggered when the system finishes parsing the static video parameters from video header part.
REWRITE
- REWRITE_REQUEST_DONE - always triggered after the ACCESS_ACL_ALLOWED event when a Portal Access resource is accessed.
- REWRITE_RESPONSE_DONE - only triggered when the REWRITE_REQUEST_DONE event calls REWRITE::post_process on.
RTSP
- RTSP_REQUEST - Triggered after a complete request has been received from either the client or the server.
- RTSP_REQUEST_DATA - Triggered whenever an RTSP::collect command finishes processing.
- RTSP_RESPONSE - Triggered after a complete response has been received from either the client or the server.
- RTSP_RESPONSE_DATA - Triggered when collection of response data is finished.
SCTP
- CLIENT_ACCEPTED - Triggered when a client has established a connection.
- CLIENT_CLOSED - This event is fired at the end of any client connection, regardless of protocol.
- CLIENT_DATA - Triggered each time new data is received from the client while the connection is in “collect” state.
- CLIENTSSL_DATA - Triggered each time new SSL data is received from the client while the connection is in “collect” state.
- SERVER_CLOSED - This event is triggered when the server side connection closes.
- SERVER_CONNECTED - Triggered when a connection has been established with the target node.
- SERVER_DATA - Triggered when new data is received from the target node after TCP::collect command has been issued.
- SERVERSSL_DATA - Triggered when new SSL data is received from the target node after SSL::collect command has been issued.
SIP
- SIP_REQUEST - Triggered when the system fully parses a complete client SIP request header.
- SIP_REQUEST_DONE - raised when a request message is received from the proxy after routing
- SIP_REQUEST_SEND - Triggered immediately before a SIP request is sent to the server-side TCP stack.
- SIP_RESPONSE - Triggered when a SIP Response is received from the Server
- SIP_RESPONSE_DONE - raised when a request message is received from the proxy after routing
- SIP_RESPONSE_SEND - Triggered …
SOCKS
- SOCKS_REQUEST - triggered upon receipt of a SOCKS command on a SOCKS connection, before authentication is done.
SSL
- CLIENTSSL_CLIENTCERT - Triggered when the system adds an SSL client certificate to the client certificate chain.
- CLIENTSSL_CLIENTHELLO - Triggered when the system has received the client’s SSL ClientHello message
- CLIENTSSL_DATA - Triggered each time new SSL data is received from the client while the connection is in “collect” state.
- CLIENTSSL_HANDSHAKE - Triggered when a client-side SSL handshake is completed.
- CLIENTSSL_PASSTHROUGH - Triggered when SSL receives plaintext data and enters passthrough mode
- CLIENTSSL_SERVERHELLO_SEND - Triggered when the system is about to send its SSL ServerHello message on the clientside connection
- SERVERSSL_CLIENTHELLO_SEND - Triggered when the system is about to send its SSL ClientHello message.
- SERVERSSL_DATA - Triggered when new SSL data is received from the target node after SSL::collect command has been issued.
- SERVERSSL_HANDSHAKE - Triggered when a server-side SSL handshake is completed.
- SERVERSSL_SERVERCERT - triggered when the system finishes the server certificate verification
- SERVERSSL_SERVERHELLO - Triggered when the system has received the server’s SSL ServerHello message.
STREAM
- STREAM_MATCHED - Triggered when a stream expression matches.
TCP
- CLIENT_ACCEPTED - Triggered when a client has established a connection.
- CLIENT_CLOSED - This event is fired at the end of any client connection, regardless of protocol.
- CLIENT_DATA - Triggered each time new data is received from the client while the connection is in “collect” state.
- CLIENTSSL_DATA - Triggered each time new SSL data is received from the client while the connection is in “collect” state.
- SERVER_CLOSED - This event is triggered when the server side connection closes.
- SERVER_CONNECTED - Triggered when a connection has been established with the target node.
- SERVER_DATA - Triggered when new data is received from the target node after TCP::collect command has been issued.
- SERVERSSL_DATA - Triggered when new SSL data is received from the target node after SSL::collect command has been issued.
- USER_REQUEST - triggered by command TCP::notify request.
- USER_RESPONSE - Triggered by command TCP::notify response
UDP
- CLIENT_ACCEPTED - Triggered when a client has established a connection.
- CLIENT_CLOSED - This event is fired at the end of any client connection, regardless of protocol.
- CLIENT_DATA - Triggered each time new data is received from the client while the connection is in “collect” state.
- SERVER_CLOSED - This event is triggered when the server side connection closes.
- SERVER_CONNECTED - Triggered when a connection has been established with the target node.
- SERVER_DATA - Triggered when new data is received from the target node after TCP::collect command has been issued.
WS
- WS_CLIENT_DATA - raised when the system collects the specified amount of data via the WS::collect command
- WS_CLIENT_FRAME - raised to indicate the start of a Websocket frame received from the client
- WS_CLIENT_FRAME_DONE - raised to indicate the end of a Websocket frame received from the client
- WS_REQUEST - raised when certain headers are present in the client request
- WS_RESPONSE - raised when certain headers are present in the server response
- WS_SERVER_DATA - raised when the system collects the specified amount of data via the WS::collect command
- WS_SERVER_FRAME - raised to indicate the start of a Websocket frame received from the server.
- WS_SERVER_FRAME_DONE - raised to indicate the end of a Websocket frame received from the server
XML
- XML_CONTENT_BASED_ROUTING - Triggered when a match is found in the XML profile.