Aaron,
we've thought about using an array to keep the time a client connects to a server. The array would be indexed by src and dest IP address. The first connection request would timeout but for the second one we could use the data in the array to make a qualified guess that the client isn't talking HTTP.
Getting the dest IP at the time we need it (CLIENT_CONNECT) remains to be a challenge as I was unable to do so. I think the example for "serverside" at devcentral.com is wrong and the error message is not encouraging:
Jun 13 07:14:42 tmm tmm[953]: 01220001:3: TCL error: Rule basicHttpDetection - Error: No peer connection established IP::remote_addr needs an established peer connection! (line 1) invoked from within "IP::remote_addr" peer expression (line 1) invoked from within "serverside {IP::remote_addr}"
BTW we're using LTM 9.3.1 HF1.
As a single client can do multiple e.g. ssh requests over port 80 to the same server one needs locking which I haven't found neither for TCL nor iRules.
Finally since the array would be global we also have to think about garbage collection to avoid the array growing unlimited.
For my taste these are too many problems for a kludge and I'd really appreciate if you could give us TCP::collect with a timeout like
TCP::collect n t
where n is the number of bytes to collect and t is the timeout in milli secs.
Thanks.