Version notice:
HTTP_REQUEST¶
Description¶
An iRule event triggered when the system fully
parses the complete client HTTP request headers (that is, the method,
URI, version, and all headers, not including the HTTP request body).
Examples¶
when HTTP_REQUEST {
if { [HTTP::uri] contains "secure"} {
HTTP::redirect "https://[HTTP::host][HTTP::uri]"
}
}
Related Information¶
Available Commands:
- ACCESS::disable - Control enforcement for a particular request URI
- AUTH::abort - Cancels any outstanding auth operations in this authentication session.
- AUTH::authenticate - Performs a new authentication operation.
- AUTH::password_credential - Sets the password credential to the specified string for a future AUTH::authenticate call.
- AUTH::wantcredential_prompt - Returns a string for an authorization session authid’s credential prompt.
- CACHE::disable - Disables the caching for this request.
- CACHE::enable - Forces the document to be cached.
- CACHE::priority - Adds a priority to cached documents.
- CACHE::uri - Overrides the URI value used by the cache to store the cached content.
- CACHE::useragent - Overrides the useragent value used by the cache to reference the cached content.
- CACHE::userkey - Allows users to add user-defined values to the key used by the cache to reference the cached content.
- CATEGORY::analytics - enables or disables the analytics server on a per request basis
- CATEGORY::safesearch - checks for safe search parameters for the given URL
- CLASSIFY::application - allows you to set or add an app name to the classification.
- CLASSIFY::category - allows you to set or add a category name to the classification
- CLASSIFY::urlcat - allows you to set or add an url category to the classification.
- clone - Causes the system to clone traffic to the specified pool or pool member regardless of monitor status.
- COMPRESS::buffer_size - Sets the compression buffer size.
- COMPRESS::disable - Disables compression for the current HTTP response.
- COMPRESS::enable - Enables compression for the current HTTP response.
- COMPRESS::gzip - Sets HTTP data compression criteria.
- DOSL7::profile - returns the DOS profile from which the L7-DoS policy is extracted
- forward - Sets the connection to forward IP packets.
- HTTP::class - Returns or sets the HTTP class selected by the HTTP selector.
- HTTP::close - Closes the HTTP connection.
- HTTP::collect - Collects an amount of HTTP body data that you specify.
- HTTP::cookie - Queries for or manipulates cookies in HTTP requests and responses.
- HTTP::fallback - Specifies or overrides a fallback host specified in the HTTP profile.
- HTTP::header - Queries or modifies HTTP headers.
- HTTP::host - Returns the value of the HTTP Host header
- HTTP::is_keepalive - Returns a true value if this is a Keep-Alive connection.
- HTTP::is_redirect - Returns a true value if the response is a redirect.
- HTTP::method - Returns the type of HTTP request method.
- HTTP::password - Returns the password part of HTTP basic authentication.
- HTTP::path - Returns or sets the path part of the HTTP request.
- HTTP::payload - Queries for or manipulates HTTP payload information.
- HTTP::query - Returns the query part of the HTTP request.
- HTTP::redirect - Redirects an HTTP request or response to the specified URL.
- HTTP::request - Returns the raw HTTP request headers.
- HTTP::request_num - Returns the number of HTTP requests that a client made on the connection.
- HTTP::respond - Generates a response to the client as if it came from the server.
- HTTP::uri - Returns or sets the URI part of the HTTP request.
- HTTP::username - Returns the username part of HTTP basic authentication.
- HTTP::version - Returns or sets the HTTP version of the request or response.
- imid - Returns an i-mode identifier string.
- IP::client_addr - Returns the client IP address of a connection
- IP::idle_timeout - Returns or sets the idle timeout value.
- IP::local_addr - Returns the IP address of the virtual server the client is connected to or the self-ip LTM is connected from.
- ip_ttl - Returns the TTL of the latest IP packet received.
- lasthop - Sets the lasthop of an IP connection.
- LB::server - Returns information about the currently selected server
- listen - Sets up a related ephemeral listener to allow an incoming related connection to be established.
- LSN::address - Set or override translation address.
- LSN::disable - Disable LSN translation.
- LSN::inbound - Disable inbound connections to translation address/port.
- LSN::persistence - Set translation selection mode and persistence timeout.
- LSN::persistence-entry - Create or lookup translation address.
- LSN::pool - Specify LSN pool for current connection.
- LSN::port - Set or override translation port.
- nexthop - Sets the nexthop of an IP connection.
- node - Sends the packet directly to the identified server node.
- peer - Causes the specified iRule commands to be evaluated under the peer’s (opposite) context.
- persist - Causes the system to use the named persistence type to persist the connection.
- pool - Causes the system to load balance traffic to the specified pool or pool member regardless of monitor status.
- session - Utilizes the persistence table to store arbitrary information based on the same keys as persistence.
- snat - Causes the LTM system to assign the specified translation address to the current connection.
- SSL::cert - Returns X509 SSL certificate data.
- TCP::local_port - Returns the local TCP port/service number of a TCP connection.
- URI::query - Returns the query string portion of the given URI or the value of a query string parameter.
- urlcatblindquery - Query the encrypted URL for URL categorization
- urlcatquery - Query the URL for URL categorization
- WAM::disable - Disables Web Accelerator plugin processing on the connection.
- WAM::enable - Disables Web Accelerator plugin processing on the connection
- WEBSSO::disable - Forwards a request without doing SSO processing on it.
- WEBSSO::enable - Causes APM to do the SSO processing on a request.
- WEBSSO::select - Use specified SSO configuration object to do SSO for the HTTP request
Warning
The links to the sample code below are remnants of the old DevCentral wiki and will result in a 404 error. For best results, please copy the link text and search the codeshare directly on DevCentral.
Sample Code:
- Apache Style Logging Slightly Modified - When SNATing to servers. the client IP is lost. This was information our se…
- ASP Session ID Persistence - Persist on ASP SessionID cookie value or PID.
- Block requests by reverse DNS record - Performs a reverse DNS lookup to validate client IP
- Block Referral Requests - This iRule will scan referral requests for images and insert a canned image for requests not coming from a allowed host.
- Cache No POST - Disable RAMcache for POST request responses
- Cipher Strength Pool Selection - Select a pool based on the client’s encryption level.
- Client Cert Request by URI with OCSP Checking - Request a client SSL certificate by URI and validate it using OCSP
- Client Auth Using HTTP Cookie - This iRule illustrates how to use HTTP Cookies for client based authentcation.
- Client Certificate Request by URI with OCSP Checking (v10.1 - v10.2.x) - Request a client SSL certificate by URI and validate it using OCSP for v10.1 - 10.2.x
- Clone Pool Based On Uri - This iRule will clone a connection to a second pool based on the input URI.
- CMP v10.0 compatible counters using the session table - v10.0.1 CMP compatible global counter
- Command Performance - This iRule will compare switch. if. matchclass. and class commands and generate performance graphs.
- Controlling Bots - Webbots. you can’t live with them. you can’t live without them… This iRule determines if a webbot is accessing your systems and assigns them to a lower priority resource.
- Convert 404s to Blank 200s - An iRule to convert an HTTP 404 response to a blank 200 response. HTTP 404…
- Cookie Encryption Across Pools and Services - Implements cookie persistence based on node IP address. not member IP/port….
- Cookie Persistence Without The Port - This rule was written in response to a requirement in which a client had connections to multiple virtual services. each with multiple ports. We wanted a light weight cookie based persistence…
- Credit Card Scrubber - This iRule illustrates how to scrub out Credit Card Numbers from HTTP traffic.
- Credit Card Scrubber Using a Stream Profile - This iRule illustrates how to scrub out Credit Card Numbers from HTTP traffic using a STREAM profile.
- CSV Tabular Data Sideband Importer - This iRule adds the ability to import CSV-formatted tabular data to a table via an HTTP sideband connection.
- Current Pool Member Status - Another variation of the “Pool_Member_Status_Page_on_a_Virtual_Server” Thi…
- Custom Apache-style logging for Java-based applications - I had a requirement to have the F5 BigIP produce logs which replicated our …
- Data Leakage Protection - Scrub sensitive data from application responses
- Delete Cookie From Request By Regex - This iRule allows an administrator to delete cookies from a request which match a defined class of regular expressions.
- detect prior http redirect or respond - Detect a prior HTTP redirect or response to avoid a runtime TCL error
- Disabling HTTP Processing For Unrecognized HTTP Methods - Disables HTTP processing for methods that are not recognized by the HTTP profile
- Election Hash Load Balancing And Persistence - Deterministically load balances and persists connections to a server using an election hash
- Encrypt HTTP cookies with dynamic names - Encrypt all of the BIG-IP persistence cookies regardless of their specific name
- Encrypting Cookies - This example shows how to encrypt and decrypt a HTTP cookie from within an iRule.
- Excessive_404_Blacklist - This iRule will block ALL further site access to source IP addresses that exceed a certain number of HTTP requests to server resources that results in a 404 not found error.
- File Not Found Handler - This iRule will handle HTTP 404 (File Not Found) errors returned from pool members and return an embedded customized error page.
- Findclass Against Variable Length URI - Using findclass to select pool based on longest-match URI path
- Formatted Logging For W3c - This iRule Allows you to log traffic in a W3C compliant fashion.
- Fully Decode URI - This sample will recursively decode a URI before inspection.
- Generic Host To Uri Mapping - This iRule shows how to map a portion of the host header to a specified Uri.
- Gomez Injection - Auto injection of Gomez Networks Actual XF client side Javascript.
- Gomez Injection With Group Id - Auto injection of Gomez Networks Actual XF client side Javascript.
- SAM launch application with username and passwsord - By design. current BIG-IP SAM 8.0 does not have session variable for user p…
- Heatmaps Part1 - Create a heat map view of your HTTP requests. mapped to the locations around the United States.
- Heatmaps Part4 - Create a heat map view of your HTTP requests. mapped to the locations around the World with hard numbers to back up the pretty pictures.
- high performance rate limiting - This rule will limit the number of request to a particular vhost and uri to…
- HTML Comment Scrubber - This iRule will remove all HTML comments and replace them with white space.
- HTML comment scrubber using a stream profile - Removes HTML comments from server responses
- HTTP delay and validate clients using javascript cookies when CPU overloaded - If CPU usage high. delay clients and validate they’re real by making sure they can execute javascript.
- … - If CPU usage is over $::maxcpu (default 60%). send the client javascript th…
- HTTP method conversion - This is one way that allows you to convert HTTP method from GET to POST or …
- HTTP POST redirect preserving POST data - Use Javascript in an iRule to redirect HTTP POST requests to HTTPS
- HTTP prefetch insertion - This iRule demonstrate how to use BIG-IP to insert prefetch hint/force to http response from server.
- HTTP redirect to HTTPS with pool down detection - I pieced this together from several rules because I couldn’t find a rule th…
- HTTP session limit - HTTP Session limiting for LTM v10.1 using tables.
- HTTP sideband policy checking - iRule for HTTP sideband policy checking
- HTTP to HTTPS redirect by vs name - Redirect HTTP requests to HTTPS using the virtual server name to avoid certificate mismatch warnings
- HTTP and HTTPS on a single virtual server - iRule to support a virtual server on port 0 and a client SSL profile. and a…
- HTTP Payload Collection - iRule demonstrating the basic approach for collection and manipulation of HTTP payload data.
- HTTP request cloning - Clone HTTP requests to one or more destination pools
- HTTP Request Throttle - iRule to dynamically throttle HTTP request rate by client IP.
- Http Response Based On Requested Uri - This iRule sends an HTTP response based on the requested path.
- HTTP retry on 404 pre-9.2.0 - Mimic LB::reselect and HTTP::retry for pre-9.2.0 boxes
- HTTPS passthrough fallback URL - This iRule allows an administrator to pass HTTPS traffic through the BIG-IP…
- HTTP Serverside Chunking For One Dot Zero Requests - iRule demonstrating how to transform the serverside flow to 1.1 for 1.0 requests
- HTTP Session Limit - Limits total concurrent HTTP sessions to a pre-defined threshhold. allowing those clients with a session cookie to continue once the limit is reached. while redirecting new clients until con…
- HTTP Session Watcher - An iRule that provides visibility into HTTP sessions flowing through the BIG-IP
- HTTP slow post mitigation - Mitigating Slow HTTP Post DDoS Attacks With iRules
- HTTPS offload rewriting - Rewrite an HTTP web application’s self references from http:// to https://
- HTTP To HTTPS Cookie Persistence - Persist on HTTP cookie while going from HTTP to HTTPS
- HTTP To HTTPS Redirect 301 - Redirects all traffic to same hostname. same URI over https by issuing a redirect with status 301 (Moved Permanently).
- HTTP To HTTPS Redirect_302 - Redirects all traffic to same hostname. same URI over https by issuing a redirect with status 302 (Moved Temporarily).
- Insert Client Certificate In Serverside HTTP Headers - An example iRule that pulls certainformation from a client cert and passes it along to backend server in HTTP headers.
- Load balancing based on ASP SessionID - The code separates into 2 irules. one for request and one for response. T…
- Log binary HTTP payload in hex - This iRule demonstrates how to collect the HTTP request payload and log the output in hex
- Log Http Class Selection - This iRule logs details of an HTTP request when the request is parsed and when the request matches or does not match an HTTP class filterset.
- Log Http Tcp Udp To Syslogng - You can use iRules to log a summary of each request and its response. and send the data to a remote syslog server using BIG-IP’s syslog-ng daemon.
- Log large HTTP payloads in chunks locally and remotely - Log POST request payloads remotely via HSL to a syslog server and locally.
- Select pool based on HTTP host header - This rule was designed for a customer that had many websites hosted on one …
- LTM sorry page image when no pool members available - Return sorry page with text & images by simply creating an image of the sorry page to return when no pool members are availble to the virtual
- LTM Image Hosting - Host Images on LTM in External Class
- LTM Maintenance Page - Use the LTM as a webserver for a particular directory. In this case. we return a maintenance page with text and images to return when no pool members are available.
- LTM Maintenance Page Lite - Use the LTM as a webserver for as lite version of a maintenance page. In this case. it returns a maintenance page with text to return when the pool members are not available.
- LTM Maintenance Window - iRule that uses the STATs profile to manage an LTM maintenance page response during maintenance windows.
- Manual cookie persistence - I had an app admin ask me for a way to temporarily force node assignment. f…
- Microsoft Branch Cache Hash Offload - Hash Offload for Microsoft BranchCache
- Modifying Secure Access Manager v8 session variables with a cookie - In this example. an external server is used to authenticate users before pa…
- Monitor_pools_from_external_monitors - This iRule allows external http monitors to query specific poo…
- MS Exchange Active Sync Device Auth - Compares the DeviceID of the client against a Data Group list, (useful for centralized management of devices)
- MS Exchange Active Sync Multi Device Auth - Utilizes the Exchange extended attributes to store multiple devices per client, (i.e. iPhone, iPad, etc.) to validate the device as approved for the assigned user.
- Outlook Anywhere Persistence with Cookie Backup - The deployment guide for Microsoft Exchange Server 2007 (http://www.f5.com/…
- Parse username from HTTP requests - Parse the username from HTTP requests in the basic auth header and POST data
- Path Traversal Detection - This iRule tries to detect all Path Traversal attempts against web sites in query string parameters
- Persistence Cookie Logger - Extracts the cookie value from a persistence cookie inserted by LTM’s “cookie insert” persistence method
- Phishing Prevention - This iRule helps to cut down on Phishing and scraping attempts that might otherwise plague your network.
- Pool Member Status Page on a Virtual Server v9 - This iRule will create a dynamic list of all the pools and thier members ad…
- Pool status page on a virtual server - The following irule allows clients/users who do not have access to the load…
- Pool Based On Extension - Send requests to a specific server pool by file extension using the Tcl switch command
- POST Request Exponential Backoff - Exponential backoff iRule to thwart dictionary attacks
- Proxy Auth - Provides Authentication offload onto an service such as LDAP.
- ProxyPass (for LTM v9 only) - iRule to replace the functionality of Apache Webserver ProxyPass and ProxyPassReverse functions
- ProxyPass Lite - This iRule implements a limited subset of the full ProxyPassV10 iRule:
- ProxyPass v10/v11 - iRule (for LTM v10/v11) to replace the functionality of Apache Webserver ProxyPass and ProxyPassReverse functions allowing for a different server and client view of your web application(s).
- Rate Limit HTTP Requests - Limits HTTP POST requests by user
- ratio load balancing using rand function - Use a psuedo random number to set a ratio for any iRule logic. This avoids using a global counter mechanism to track past selections.
- Redirect Non-SSL Requests on SSL Virtual Server Rule - This iRule sends an HTTP redirect to clients who make an HTTP request to an HTTPS virtual server
- Redirect On Weak Encryption - This rule illustrates how to redirect a client to an un-encrypted page with an informational error if the client does not have at least 128 bits of encryption.
- Redirect Trapper - iRule to trap server redirect response, follow the redirect on the BIG-IP and return the followed response to the client as a result of original request
- Referral Tracker - Create a pie chart of your top referrers
- Reorder Http Cookies - This iRule will reorder all the HTTP cookies going to the backend server.
- Replace HTTP refresh with HTTP Redirect - Intercepts pages with HTTP REFRESH and re-writes as a proper 302 redirect
- Request Client Certificate And Pass To Application - We are using BigIP to dynamically request a client certificate and pass it to server.
- Reverse Proxy With Basic SSO - The iRule implements a authenticated HTTPS reverse proxy.
- Rewriting Single Part HTTP Responses As Multipart - Transform a single part HTTP response into a multi-part response
- Select pool member based on HTTP query string parameter - Allow clients to manually select a pool member based on a parameter set in the HTTP query string. with persistence.
- Session Table Export - Export the entries from a Session Sub Table with a simple iRules based HTML form.
- Set Uri To Lower Case - This iRule sets the path in an HTTP request to lower case. It does not modify the query string. if present in the request.
- Sideband connection HTTP example - Sends an HTTP request to a sideband server and parses the HTTP response headers and optionally the payload to determine which pool to send the client request to
- Simple DDOS Protection for HTTP Requests - Here is a straight-forward example of how you can avoid a location specific…
- Simulating TCP Closes From Server When Using ASM - Using iRules to simulate server layer 5 TCP closes with BIG-IP ASM
- Small URL Generator - Create small URLs from long URLs and store them in a subtable
- SNAT pool persistence - This example shows how to select the same SNAT address for a given client IP address without tracking the selection in memory
- Social Security Number Scrubbing - This sample iRule will search all outbound HTTP traffic and mask all social security numbers.
- SSL Termination - Finds and replaces a link or specific text with another link or text. can be used for Sharepoint Portal SSL Termination
- TransparentBotProtection - This Solution will act as a Web Form Application protection layer against malicious entities such as automated bots.
- Universal HTTP host redirect - Are you tired of chewing up external public IP’s well this iRule may be for…
- Uri version mapping - This rule implements a stripped down set of functionality of the ProxyPass …
- URI Interrogation - This iRule will interrogate and log all components of the URI.
- URL based redirection - The following is a URL handling iRule that is kind of generic where the map…
- Validate String Characters In Cookie Rule - This rule demonstrates how to efficiently validate whether a given string contains illegal characters.
- Version 9 throttle requests per second - This iRule is a CMP compatible Request per Second Throttling iRule.
- Version 9.x robot and request limiting iRule - This iRule limits robots and what they can do. Furthermore. it restricts re…
- Virtual server connection limit with HTTP response - This rule allows administrators to configure a maximum TCP connection limit…
- Virtual Server Monitoring iRule - This irule generates a dynamic html page with virtual servers and members status.
- Weblogic JSessionID Persistence - Provides persistence on the jsessionid value found in either the URI or a cookie.
- Weblogic JSessionID Persistence for Session Replication - Persists HTTP requests on the primary and secondary server values found in the JSESSIONID cookie when the WebLogic servers implement session replication across two servers
- X Forwarded For Single Header Insert - Insert client address into existing X-Forwarded-For header if it exists
- XML Field Logger Using HTTP Commands - This iRule extracts XML field data from HTTP request data using only HTTP commands. (Useful for BIG-IP versions which have not implemented the XML iRules commands.)
- Introduced: BIGIP-9.0.0
The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.