How To: Configure iRules¶
iRule is an entirely user-generated and customizable configuration object that allows you to interact directly with the traffic passing through the device. iRules are useful when you are looking to do some form of custom persistence or rate limiting that is not currently available within the product’s built-in options, or to completely customize the user experience by controlling the flow or even the contents of a given session/packet(s).
You can configure iRules in the following ways:
Using AS3 declarations
Using the BIG-IP Next API
Using BIG-IP Next Central Manager
Note: iRule commands may render the system vulnerable to malicious attacks based on how the iRule is configured.
Using AS3 Declaration¶
To reference an iRule defined elsewhere in the declaration, you can include the following in a service configuration:
"iRules": [
"my_irule_4",
"my_irule_5"
],
Refer to Using AS3 on BIG-IP Next for details on sending an AS3 declaration and Miscellaneous Declarations for examples of using an iRule in a service configuration.
Using BIG-IP Next API¶
For an unmanaged instance, use the BIG-IP Next API to create and attach an iRule to a stack object of the application. An application refers to the collection of stacks and the associated policies, profiles, endpoints, rules, and monitors that work to deliver the application. A stack is equivalent to a virtual server that processes client traffic to the destination.
Refer to Create stack for the OpenAPI specification document.
To create an iRule on an associated stack:
Send a PUT request to the
/api/v1/applicationsendpoint.PUT https://{{bigip_next_mgmt_floating_ip}}:5443/api/v1/applications
For the API body, use the following, substituting appropriate values for the policy and iRules you want to create. The irule must include:
rule- The iRule schema in Tcldescription- Information about the iRule.
{ "applications": [ { "name": "my_tenant:my_app", "stacks": [ { "clientSide": { "l4ClientSide": "my_tenant:my_app:my_service", "persistence": { "template": "SOURCE_ADDR_TEMPLATE" } }, "enabled": true, "irules": [ { "description": "my_tenant:my_app:my_irule_4", "priority": 100, "rule": "when ACCESS_SESSION_STARTED {\n log local0.notice \"Received a new session from browser: [ACCESS::session data get \"session.user.agent\"]" }, { "description": "my_tenant:my_app:my_irule_5", "priority": 101, "rule": "when ACCESS_POLICY_COMPLETED {\n set myclientip [ACCESS::session data get \"session.user.clientip\"]\n set mylandinguri [ACCESS::session data get \"session.server.landinguri\"]\n ACCESS::respond 302 \"Location\" \"$mylandinguri\" \"Connection\" \"Close\" \"Set-Cookie\" \"myclientip=$myclientip\"\n }" } ], "name": "my_tenant:my_app:my_service", "serverSide": { "l4ServerSide": "my_tenant:my_app:my_service", "loadBalancing": "least-connections" }, "stackType": "HttpRevProxy" } ], "files": [], "L4-clientsides": [ { "destinations": [ "198.18.1.10" ], "l3Networks": ["appsvcs:all-networks"], "name": "my_tenant:my_app:my_service", "ports": [ "80" ] } ], "L4-serversides": [ { "endpoints": [ { "address": "198.18.10.10:80", "endpointType": "L4BasicEndpoint" } ], "l3Networks": ["appsvcs:all-networks"], "name": "my_tenant:my_app:my_service" } ], "policies": [ {"perSessionAccessPolicy": "apssp1c"}, {"perRequestAccessPolicy": "HTTPHeaderPolicy"} ] } ] }
Using BIG-IP Next Central Manager¶
For information about creating iRules, and adding applications directly to an iRule using BIG-IP Next Central Manager see How to: Create and manage iRules on BIG-IP Next Central Manager.
Reference Topics¶
Here’s a list of some reference information that you can use to help you with all of your iRules needs.
Supported List of Commands - Documentation for iRules Commands.
Supported List of Events - Documentation for iRules Events.