Master List of iRule Events

ACCESS ACCESS_ACL_ALLOWED, ACCESS_ACL_DENIED, ACCESS_PER_REQUEST_AGENT_EVENT, ACCESS_POLICY_AGENT_EVENT, ACCESS_POLICY_COMPLETED, ACCESS_SAML_ASSERTION, ACCESS_SAML_AUTHN, ACCESS_SAML_SLO_REQ, ACCESS_SAML_SLO_RESP, ACCESS_SESSION_CLOSED, ACCESS_SESSION_STARTED, ACCESS2_POLICY_EXPRESSION_EVAL
ADAPT ADAPT_REQUEST_HEADERS, ADAPT_REQUEST_RESULT, ADAPT_RESPONSE_HEADERS, ADAPT_RESPONSE_RESULT
ANTIFRAUD ANTIFRAUD_ALERT, ANTIFRAUD_LOGIN
APM ACCESS_ACL_ALLOWED, ACCESS_ACL_DENIED, ACCESS_POLICY_AGENT_EVENT, ACCESS_POLICY_COMPLETED, ACCESS_SESSION_CLOSED, ACCESS_SESSION_STARTED
ASM ASM_REQUEST_BLOCKING, ASM_REQUEST_DONE, ASM_REQUEST_VIOLATION, ASM_RESPONSE_VIOLATION, IN_DOSL7_ATTACK
AUTH AUTH_ERROR, AUTH_FAILURE, AUTH_RESULT, AUTH_SUCCESS, AUTH_WANTCREDENTIAL
AVR AVR_CSPM_INJECTION
BOTDEFENSE BOTDEFENSE_ACTION, BOTDEFENSE_REQUEST
CACHE CACHE_REQUEST, CACHE_RESPONSE, CACHE_UPDATE
CATEGORY CATEGORY_MATCHED
CLASSIFICATION CLASSIFICATION_DETECTED
DIAMETER DIAMETER_INGRESS, DIAMETER_RETRANSMISSION, DIAMETER_EGRESS
DNS DNS_REQUEST, DNS_RESPONSE
DOSL7 IN_DOSL7_ATTACK
ECA ECA_REQUEST_ALLOWED, ECA_REQUEST_DENIED
FIX FIX_HEADER, FIX_MESSAGE
FLOW FLOW_INIT
GENERICMESSAGE GENERICMESSAGE_EGRESS, GENERICMESSAGE_INGRESS
GLOBAL EPI_NA_CHECK_HTTP_REQUEST, FLOW_INIT, LB_FAILED, LB_SELECTED, NAME_RESOLVED, PERSIST_DOWN, PING_REQUEST_READY, PING_RESPONSE_READY, RULE_INIT, SA_PICKED, SERVER_INIT
GTM DNS_REQUEST, DNS_RESPONSE, LB_FAILED, LB_SELECTED, RULE_INIT
GTP GTP_GPDU_EGRESS, GTP_GPDU_INGRESS, GTP_PRIME_EGRESS, GTP_PRIME_INGRESS, GTP_SIGNALLING_EGRESS, GTP_SIGNALLING_INGRESS
HTML HTML_COMMENT_MATCHED, HTML_TAG_MATCHED
HTTP HTTP_CLASS_FAILED, HTTP_CLASS_SELECTED, HTTP_DISABLED, HTTP_PROXY_CONNECT, HTTP_PROXY_REQUEST, HTTP_PROXY_RESPONSE, HTTP_REJECT, HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, HTTP_RESPONSE, HTTP_RESPONSE_CONTINUE, HTTP_RESPONSE_DATA, HTTP_REQUEST_RELEASE, HTTP_RESPONSE_RELEASE
ICAP ICAP_REQUEST, ICAP_RESPONSE
IP CLIENT_ACCEPTED, CLIENT_CLOSED, CLIENT_DATA, CLIENTSSL_DATA, SERVER_CLOSED, SERVER_CONNECTED, SERVER_DATA, SERVERSSL_DATA
IVS IVS_ENTRY_REQUEST, IVS_ENTRY_RESPONSE
L7CHECK L7CHECK_CLIENT_DATA, L7CHECK_SERVER_DATA
LB LB::class, LB_FAILED, LB_SELECTED, LB_QUEUED
MQTT MQTT_CLIENT_DATA, MQTT_CLIENT_EGRESS, MQTT_CLIENT_INGRESS, MQTT_CLIENT_SHUTDOWN, MQTT_SERVER_DATA, MQTT_SERVER_EGRESS, MQTT_SERVER_INGRESS
MR MR_EGRESS, MR_INGRESS, MR_FAILED
NAME Deprecated NAME_RESOLVED
PCP PCP_REQUEST, PCP_RESPONSE
PEM PEM_POLICY
QOE QOE_PARSE_DONE
REWRITE REWRITE_REQUEST_DONE, REWRITE_RESPONSE_DONE
RTSP RTSP_REQUEST, RTSP_REQUEST_DATA, RTSP_RESPONSE, RTSP_RESPONSE_DATA
SCTP CLIENT_ACCEPTED, CLIENT_CLOSED, CLIENT_DATA, CLIENTSSL_DATA, SERVER_CLOSED, SERVER_CONNECTED, SERVER_DATA, SERVERSSL_DATA
SIP SIP_REQUEST, SIP_REQUEST_DONE, SIP_REQUEST_SEND, SIP_RESPONSE, SIP_RESPONSE_DONE, SIP_RESPONSE_SEND
SOCKS SOCKS_REQUEST
SSL CLIENTSSL_CLIENTCERT, CLIENTSSL_CLIENTHELLO, CLIENTSSL_DATA, CLIENTSSL_HANDSHAKE, CLIENTSSL_PASSTHROUGH, CLIENTSSL_SERVERHELLO_SEND, SERVERSSL_CLIENTHELLO_SEND, SERVERSSL_DATA, SERVERSSL_HANDSHAKE, SERVERSSL_SERVERCERT, SERVERSSL_SERVERHELLO
STREAM STREAM_MATCHED
TCP CLIENT_ACCEPTED, CLIENT_CLOSED, CLIENT_DATA, CLIENTSSL_DATA, SERVER_CLOSED, SERVER_CONNECTED, SERVER_DATA, SERVERSSL_DATA, USER_REQUEST, USER_RESPONSE
UDP CLIENT_ACCEPTED, CLIENT_CLOSED, CLIENT_DATA, SERVER_CLOSED, SERVER_CONNECTED, SERVER_DATA
WS WS_CLIENT_DATA, WS_CLIENT_FRAME, WS_CLIENT_FRAME_DONE, WS_REQUEST, WS_RESPONSE, WS_SERVER_DATA, WS_SERVER_FRAME, WS_SERVER_FRAME_DONE
XML XML_BEGIN_DOCUMENT, XML_BEGIN_ELEMENT, XML_CDATA, XML_CONTENT_BASED_ROUTING, XML_END_DOCUMENT, XML_END_ELEMENT, XML_EVENT

ACCESS

  • ACCESS_ACL_ALLOWED - This event is triggered when a resource request passes the access control criteria and is allowed to go through the ACCESS filter. This event is only triggered for the resource requests and …
  • ACCESS_ACL_DENIED - This event is triggered when a resource request fails to meet the access control criteria and is denied access.
  • ACCESS_PER_REQUEST_AGENT_EVENT - allows an admin to execute iRule logic (inside TMM) at a desired point in the per-request access policy execution
  • ACCESS_POLICY_AGENT_EVENT - This event provides glue between iRule execution and access policy execution.
  • ACCESS_POLICY_COMPLETED - This event is triggered when the access policy execution completes for a user session.
  • ACCESS_SAML_ASSERTION - triggered when the SAML assertion payload is generated for a user session.
  • ACCESS_SAML_AUTHN - triggered when the SAML authentication request payload is generated for a user session.
  • ACCESS_SAML_SLO_REQ - triggered when the SAML single logout request payload is generated for a user session.
  • ACCESS_SAML_SLO_RESP - triggered when the SAML single logout response payload is generated for a user session
  • ACCESS_SESSION_CLOSED - This event is triggered when a user session is removed due to a user logging out explicitly, timeout, or if terminated explicitly by admin.
  • ACCESS_SESSION_STARTED - This event is triggered when a new user session is created. This is triggered after creating the session context and initial session variables related to user’s source IP, browser capabiliti…
  • ACCESS2_POLICY_EXPRESSION_EVAL - triggered when per-request policy branch expressions are evaluated

ADAPT

  • ADAPT_REQUEST_HEADERS - raised as soon as any HTTP request headers have been returned from the IVS
  • ADAPT_REQUEST_RESULT - raised after the internal virtual server returns the result of the request modification but before the potentially modified request or the original request is passed on for other processing.
  • ADAPT_RESPONSE_HEADERS - raised as soon as any HTTP response headers have been returned from the IVS
  • ADAPT_RESPONSE_RESULT - raised after the internal virtual server returns the result of the response modification but before the potentially modified response or the original response is passed on for other processing.

ANTIFRAUD

APM

  • ACCESS_ACL_ALLOWED - This event is triggered when a resource request passes the access control criteria and is allowed to go through the ACCESS filter. This event is only triggered for the resource requests and …
  • ACCESS_ACL_DENIED - This event is triggered when a resource request fails to meet the access control criteria and is denied access.
  • ACCESS_POLICY_AGENT_EVENT - This event provides glue between iRule execution and access policy execution.
  • ACCESS_POLICY_COMPLETED - This event is triggered when the access policy execution completes for a user session.
  • ACCESS_SESSION_CLOSED - This event is triggered when a user session is removed due to a user logging out explicitly, timeout, or if terminated explicitly by admin.
  • ACCESS_SESSION_STARTED - This event is triggered when a new user session is created. This is triggered after creating the session context and initial session variables related to user’s source IP, browser capabiliti…

ASM

  • ASM_REQUEST_BLOCKING - Triggered when ASM is generating the reject-response and gives the iRule a chance to modify that reject-response before it is sent.
  • ASM_REQUEST_DONE - triggered after ASM finished processing the request and found all violations of the ASM policy
  • ASM_REQUEST_VIOLATION - Triggered when ASM detects that a request violates an ASM security policy.
  • ASM_RESPONSE_VIOLATION - Triggered when ASM detects that a response violates an ASM security policy.
  • IN_DOSL7_ATTACK - Triggered when ASM detects that a request violates an ASM security policy for Denial of Service attacks

AUTH

AVR

  • AVR_CSPM_INJECTION - Triggered when the AVR profile is about to insert a CSPM JavaScript

BOTDEFENSE

  • BOTDEFENSE_ACTION - Triggered immediately prior to taking an action on a transaction
  • BOTDEFENSE_REQUEST - Triggered on an HTTP request (before the payload), after Bot Defense finished processing the request, but before a decision is made on a possible action

CACHE

  • CACHE_REQUEST - Triggered when the system receives a request for a cached object.
  • CACHE_RESPONSE - Triggered immediately prior to sending a cache response.
  • CACHE_UPDATE - In Progress - Add Summary Here

CATEGORY

  • CATEGORY_MATCHED - triggered when a custom category match (or prefix match) is found

CLASSIFICATION

DIAMETER

  • DIAMETER_INGRESS - triggered when the system receives a DIAMETER message
  • DIAMETER_RETRANSMISSION - triggered when the system generates a retransmitted DIAMETER request or a DIAMETER answer message
  • DIAMETER_EGRESS - triggered when the system is ready to send a DIAMETER message

DNS

  • DNS_REQUEST - Triggered when the system receives a DNS request.
  • DNS_RESPONSE - Triggered when the system responds to a DNS request.

DOSL7

  • IN_DOSL7_ATTACK - Triggered when ASM detects that a request violates an ASM security policy for Denial of Service attacks

ECA

FIX

  • FIX_HEADER - Triggered when the system finishes parsing a new FIX header
  • FIX_MESSAGE - Triggered when the system finishes parsing a new FIX message.

FLOW

  • FLOW_INIT - triggered (once for TCP and unique UDP/IP flows) after packet filters

GENERICMESSAGE

GLOBAL

  • EPI_NA_CHECK_HTTP_REQUEST - triggered when a special HTTP request arrives
  • FLOW_INIT - triggered (once for TCP and unique UDP/IP flows) after packet filters
  • LB_FAILED - Triggered when the system fails to select a pool or a pool member, or when a selected resource is unreachable.
  • LB_SELECTED - Triggered when the system selects a pool member.
  • NAME_RESOLVED - Triggered after a NAME::lookup command has been issued and a response has been received.
  • PERSIST_DOWN - Triggered when persistence dictates that a connection would be sent to a pool or a pool member or node which has been marked down.
  • PING_REQUEST_READY - triggered when TMM has assembled an HTTP request to PingAccess policy server
  • PING_RESPONSE_READY - triggered when TMM has received an HTTP response from PingAccess policy server
  • RULE_INIT - Triggered when an iRule is added or is modified.
  • SA_PICKED - triggered after source translation is completed.
  • SERVER_INIT - triggered when BIG-IP has been configured to collect options and serverside TCP SYN is sent

GTM

  • DNS_REQUEST - Triggered when the system receives a DNS request.
  • DNS_RESPONSE - Triggered when the system responds to a DNS request.
  • LB_FAILED - Triggered when the system fails to select a pool or a pool member, or when a selected resource is unreachable.
  • LB_SELECTED - Triggered when the system selects a pool member.
  • RULE_INIT - Triggered when an iRule is added or is modified.

GTP

  • GTP_GPDU_EGRESS - Triggered for a message that has GTP message-type = 255 on the connection that forwards/egresses the message.
  • GTP_GPDU_INGRESS - Triggered for a message that has GTP message-type = 255 on the connection that accepted the message.
  • GTP_PRIME_EGRESS - Triggered only for GTP prime messages for revision 1 on the connection that forwards/egresses the message.
  • GTP_PRIME_INGRESS - Triggered only for GTP prime messages for revision 1 on the connection that accepted the message.
  • GTP_SIGNALLING_EGRESS - Triggered for any GTP-message except G-PDU on the connection that forwards/egresses the message.
  • GTP_SIGNALLING_INGRESS - Triggered for any GTP-message except G-PDU on the connection that accepted the message

HTML

HTTP

  • HTTP_CLASS_FAILED - Triggered when an HTTP request is made to a virtual server with at least one HTTP class configured, and the request does not match the filters of any HTTP class.
  • HTTP_CLASS_SELECTED - Triggered when an HTTP request matches an HTTP class.
  • HTTP_DISABLED - triggered when HTTP is disabled
  • HTTP_PROXY_CONNECT - triggered when proxy chaining via use of the HTTP_PROXY_CONNECT profile
  • HTTP_PROXY_REQUEST - Triggered when a virtual server has proxy-mode explicit
  • HTTP_PROXY_RESPONSE - triggered when the response from the remote HTTP proxy is received
  • HTTP_REJECT - triggered when HTTP aborts the connection
  • HTTP_REQUEST - Triggered when the system fully parses the complete client HTTP request headers.
  • HTTP_REQUEST_DATA - Triggered when an HTTP::collect command has collected the specified amount of request data.
  • HTTP_REQUEST_SEND - Triggered immediately before an HTTP request is sent to the server-side TCP stack.
  • HTTP_RESPONSE - Triggered when the system parses all of the response status and header lines from the server response.
  • HTTP_RESPONSE_CONTINUE - Triggered whenever the system receives a 100 Continue response from the server.
  • HTTP_RESPONSE_DATA - Triggered when an HTTP::collect command has collected the specified amount of response data.
  • HTTP_REQUEST_RELEASE - Triggered when the system is about to release HTTP data on the serverside of the connection.
  • HTTP_RESPONSE_RELEASE - Triggered when the system is about to release HTTP data on the clientside of the connection.

ICAP

  • ICAP_REQUEST - raised after an ICAP command has been created but before it has been sent to an ICAP server
  • ICAP_RESPONSE - raised after an ICAP response has been processed but before the result is sent back to the HTTP adaptation virtual server

IP

  • CLIENT_ACCEPTED - Triggered when a client has established a connection.
  • CLIENT_CLOSED - This event is fired at the end of any client connection, regardless of protocol.
  • CLIENT_DATA - Triggered each time new data is received from the client while the connection is in “collect” state.
  • CLIENTSSL_DATA - Triggered each time new SSL data is received from the client while the connection is in “collect” state.
  • SERVER_CLOSED - This event is triggered when the server side connection closes.
  • SERVER_CONNECTED - Triggered when a connection has been established with the target node.
  • SERVER_DATA - Triggered when new data is received from the target node after TCP::collect command has been issued.
  • SERVERSSL_DATA - Triggered when new SSL data is received from the target node after SSL::collect command has been issued.

IVS

  • IVS_ENTRY_REQUEST - The internal virtual server has received a request from the parent virtual server (client side).
  • IVS_ENTRY_RESPONSE - The internal virtual server has received a response from the parent virtual server

L7CHECK

LB

  • LB::class - Provides the name of the traffic class that matched the connection
  • LB_FAILED - Triggered when the system fails to select a pool or a pool member, or when a selected resource is unreachable.
  • LB_SELECTED - Triggered when the system selects a pool member.
  • LB_QUEUED - serverside event triggered when a connection limit is hit at the pool or pool member level.

MQTT

MR

  • MR_EGRESS - raised after the route has been selected and processed and the message is delivered to the mr_proxy
  • MR_INGRESS - raised when a message is received by the message proxy and before a route lookup occurs
  • MR_FAILED - raised when a message has been returned to the originating flow due to a routing failure

NAME Deprecated

PCP

  • PCP_REQUEST - triggered on receipt of a valid PCP request from a client
  • PCP_RESPONSE - Triggered when a PCP response, successful or not, is returned to the client.

PEM

  • PEM_POLICY - This event only works with PEM iRule

QOE

  • QOE_PARSE_DONE - triggered when the system finishes parsing the static video parameters from video header part.

REWRITE

  • REWRITE_REQUEST_DONE - always triggered after the ACCESS_ACL_ALLOWED event when a Portal Access resource is accessed.
  • REWRITE_RESPONSE_DONE - only triggered when the REWRITE_REQUEST_DONE event calls REWRITE::post_process on.

RTSP

  • RTSP_REQUEST - Triggered after a complete request has been received from either the client or the server.
  • RTSP_REQUEST_DATA - Triggered whenever an RTSP::collect command finishes processing.
  • RTSP_RESPONSE - Triggered after a complete response has been received from either the client or the server.
  • RTSP_RESPONSE_DATA - Triggered when collection of response data is finished.

SCTP

  • CLIENT_ACCEPTED - Triggered when a client has established a connection.
  • CLIENT_CLOSED - This event is fired at the end of any client connection, regardless of protocol.
  • CLIENT_DATA - Triggered each time new data is received from the client while the connection is in “collect” state.
  • CLIENTSSL_DATA - Triggered each time new SSL data is received from the client while the connection is in “collect” state.
  • SERVER_CLOSED - This event is triggered when the server side connection closes.
  • SERVER_CONNECTED - Triggered when a connection has been established with the target node.
  • SERVER_DATA - Triggered when new data is received from the target node after TCP::collect command has been issued.
  • SERVERSSL_DATA - Triggered when new SSL data is received from the target node after SSL::collect command has been issued.

SIP

  • SIP_REQUEST - Triggered when the system fully parses a complete client SIP request header.
  • SIP_REQUEST_DONE - raised when a request message is received from the proxy after routing
  • SIP_REQUEST_SEND - Triggered immediately before a SIP request is sent to the server-side TCP stack.
  • SIP_RESPONSE - Triggered when a SIP Response is received from the Server
  • SIP_RESPONSE_DONE - raised when a request message is received from the proxy after routing
  • SIP_RESPONSE_SEND - Triggered …

SOCKS

  • SOCKS_REQUEST - triggered upon receipt of a SOCKS command on a SOCKS connection, before authentication is done.

SSL

STREAM

TCP

  • CLIENT_ACCEPTED - Triggered when a client has established a connection.
  • CLIENT_CLOSED - This event is fired at the end of any client connection, regardless of protocol.
  • CLIENT_DATA - Triggered each time new data is received from the client while the connection is in “collect” state.
  • CLIENTSSL_DATA - Triggered each time new SSL data is received from the client while the connection is in “collect” state.
  • SERVER_CLOSED - This event is triggered when the server side connection closes.
  • SERVER_CONNECTED - Triggered when a connection has been established with the target node.
  • SERVER_DATA - Triggered when new data is received from the target node after TCP::collect command has been issued.
  • SERVERSSL_DATA - Triggered when new SSL data is received from the target node after SSL::collect command has been issued.
  • USER_REQUEST - triggered by command TCP::notify request.
  • USER_RESPONSE - Triggered by command TCP::notify response

UDP

  • CLIENT_ACCEPTED - Triggered when a client has established a connection.
  • CLIENT_CLOSED - This event is fired at the end of any client connection, regardless of protocol.
  • CLIENT_DATA - Triggered each time new data is received from the client while the connection is in “collect” state.
  • SERVER_CLOSED - This event is triggered when the server side connection closes.
  • SERVER_CONNECTED - Triggered when a connection has been established with the target node.
  • SERVER_DATA - Triggered when new data is received from the target node after TCP::collect command has been issued.

WS

  • WS_CLIENT_DATA - raised when the system collects the specified amount of data via the WS::collect command
  • WS_CLIENT_FRAME - raised to indicate the start of a Websocket frame received from the client
  • WS_CLIENT_FRAME_DONE - raised to indicate the end of a Websocket frame received from the client
  • WS_REQUEST - raised when certain headers are present in the client request
  • WS_RESPONSE - raised when certain headers are present in the server response
  • WS_SERVER_DATA - raised when the system collects the specified amount of data via the WS::collect command
  • WS_SERVER_FRAME - raised to indicate the start of a Websocket frame received from the server.
  • WS_SERVER_FRAME_DONE - raised to indicate the end of a Websocket frame received from the server

XML


The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.