iRules - Is There Anything You Can't Do?

Ex·ten·si·ble (in programming): Said of a system (e.g., program, file format, programming language, protocol, etc.) designed to easily allow the addition of new features at a later date. (from

Whenever I attend a F5 customer or partner gathering, I always ask of those who use iRules, 'Do you deploy iRules due to BIG-IP not having a particular feature or because you need to solve a specific issue within your unique architecture?'  Overwhelmingly, the answer is to address something exclusive to the environment. 

An iRule is a powerful and flexible feature of BIG-IP devices based on F5's exclusive TMOS architecture. iRules provide customers with unprecedented control to directly manipulate and manage any IP application traffic and enables administrators to customize how you intercept, inspect, transform, and direct inbound or outbound application traffic.  iRules is an Event Driven scripting language which means that you'll be writing code based off of specific Events that occur within the context of the connections being passed through the Virtual IP your iRule is applied to. 

There are many cool iRule examples on our DevCentral Community site like Routing traffic by URI and even instances where an iRule helped patch an Apache Zero-Day Exploit (Apache Killer) within hours of it being made public and well before the official Apache patch.  An iRule was able to mitigate the vulnerability and BIG-IP customers who have Apache web servers were protected.  Risk of exploit greatly diminished.

Recently our own Joe Pruitt, Sr. Strategic Architect with the DevCentral team, wrote a cool iRule (and Tech Tip) to Automate Web Analytics.  Analysis on the usage patterns of site visitors is critical for many organizations.  It helps them determine how their website is being utilized and what adjustments are needed to make the experience as best as possible...among many other things.  Joe's article discusses how to use an iRule to inject analytics code into HTML responses to enable the automation of analytics into your website software.  Adding a certain piece of JavaScript code into each web page that you would like monitored is one option but what happens if the release criteria for application code requires testing and adding content to pages in production is not allowed or multiple products from multiple application groups reside on a given server or even when 3rd party code is present where you don't have access to all the source that controls page generation.

If you have BIG-IP fronting your web application servers, then you can add Joe's iRule to inject client side JavaScript into the application stream without the application knowing about it.  Joe uses Google Analytics as an example, but, according to Joe, it is fairly easy to replace the content of the "analytics" variable with the replacement code for any other service you might be using.  Very cool indeed.

So while iRules might not be able to make your coffee in the morning - unless of course it is a slew of IP enabled coffee machines - they can help organizations create extremely agile, flexible and secure environments.  Like Oreos and Reese's, there have been a bunch of imitators but nothing is as good as the original.




Connect with Peter:Connect with F5:
Published May 30, 2013
Version 1.0

Was this article helpful?