Forum Discussion

Mikhail_Groshev
Apr 28, 2018

Catch OAuth introspection response?

Hi guys! How can one catch and modify the HTTP response payload from the OAuth AS introspection endpoint? I've tried these events in an iRule; none was triggered (HTTP_REQUEST works fine though):

  • HTTP_RESPONSE
  • HTTP_RESPONSE_CONTINUE
  • HTTP_RESPONSE_DATA
  • SERVER_DATA

Maybe the issue is more general - how to catch HTTP responses from internal F5 HTTP services? With no "F5->backend server" communication taking place.

Thank you, Mikhail.

4 Replies

  • A layered VIP might be an option, so create a VIP for the IP address of the external service and the IP again in the pool member. Then you can apply an iRule on that.

  • Seems like just no connection occurs to the resource pool when accessing the OAuth introspection endpoint. And in the iRule no "server side" events are triggered at all, only "client_side".

    I've tried another option: create an internal virtual server and make an adapt response profile for it, but with no access yet; it's a bit more complicated than I've expected.

  • Did you try using the HTTP_RESPONSE_RELEASE event?

    But if you need to act on the actual payload (not only headers), you need to use HTTP::collect first in the HTTP_RESPONSE event, which will trigger the HTTP_RESPONSE_DATA event where you can play with the payload.

  • For the layered VS option, you don't really need an external IP/port, because traffic will never leave the BIG-IP between the two virtual servers.

    So you can use a dummy IP such as 1.0.0.1.

    I didn't test it with the second VS as pool member, but you can use an iRule which will route traffic to the second virtual server.

    Here is the reference for the virtual iRule command: https://devcentral.f5.com/wiki/iRules.virtual.ashx
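The two suggestions in the replies combined (a layered virtual server reached with the virtual command, plus HTTP::collect to get to HTTP_RESPONSE_DATA), as an added example that is not part of the original thread and has not been verified against the APM OAuth introspection endpoint. The inner virtual server name, the introspection path and the rewritten JSON key are assumptions to replace with your own values.

```tcl
# Added example: iRule for the FRONT virtual server of a layered pair.
# Assumptions (not from the thread):
#   /Common/vs_oauth_as_inner  - hypothetical inner VS holding the OAuth AS access profile
#   /f5-oauth2/v1/introspect   - assumed introspection path, adjust to your configuration
#   "internal_note"            - hypothetical JSON key, used only to show a payload edit
when HTTP_REQUEST {
    set is_introspect 0
    if { [string tolower [HTTP::path]] eq "/f5-oauth2/v1/introspect" } {
        set is_introspect 1
        # Ask for an uncompressed body so it can be edited as text.
        HTTP::header remove "Accept-Encoding"
    }
    # Hand the request to the inner virtual server; traffic never leaves the BIG-IP.
    # The front VS now has a server side, so response events can fire here.
    virtual /Common/vs_oauth_as_inner
}

when HTTP_RESPONSE {
    if { !$is_introspect } { return }
    # Only buffer bodies with a known, bounded size (1 MB cap keeps memory use predictable).
    if { [HTTP::header exists "Content-Length"] } {
        set clen [HTTP::header value "Content-Length"]
        if { $clen > 0 && $clen <= 1048576 } {
            # Collecting the body is what makes HTTP_RESPONSE_DATA fire.
            HTTP::collect $clen
        }
    }
}

when HTTP_RESPONSE_DATA {
    set body [HTTP::payload]
    # Log token state for audit without writing the token itself to the log.
    if { $body contains "\"active\":false" } {
        log local0.info "introspection: inactive token from [IP::client_addr]"
    }
    # String-level rewrite of one key; fragile for nested JSON, shown only as the edit point.
    set new_body [string map [list "\"internal_note\":" "\"note\":"] $body]
    if { $new_body ne $body } {
        HTTP::payload replace 0 [HTTP::payload length] $new_body
    }
    # Send the (possibly modified) response on to the client.
    HTTP::release
}
```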