Follow

How to Create iRules with iRule Editor in Silverline Portal

Description

  • iRule Editor: customer-facing editor in the Silverline Portal
    • displays SOC-provided iRules
    • gives you the ability to create your own iRules based on a subset of overall iRule functionality.  
    • Once you have created an iRule, and attached to a given Proxy, the SOC will ensure the iRule is deployed to production.
  • F5 will be adding to its catalog of iRules over time.
  • Depending on the iRule it may, or may not, require additional Data Table information. 

Note: The iRule contains a High Speed Logging provision, which ensures proper statistics, such as iRule trigger counts, are available via the Portal.

 

Environment

  • Silverline DDoS
  • Silverline WAF
  • iRules

 

Procedure

 

  1. Navigate in the Silverline Portal to Config > iRule Management
    • iRule Management shows a list of iRules, both SOC-provided (DDoS and Managed WAF customers only) and those created by Portal users.
  2. To create a new iRule, select Add from the top right corner.
  3. Fill in a name for the iRule
  4. The iRule editor allows for the following actions when a match is made against the defined criteria:
    • Drop frame
    • TCP Close Connection
    • Allow (log only)
  5. As it can be seen above, elements of the HTTP payload and header can be used, including URI, Method and Header.  These can be matched against anything specified in the "Matches" box according to:
    • Starts with
    • Ends with
    • RegEx (Regular Expression)
    • Equals
    • Matches
    • Contains
  6. When finished, click Save.

 

Help with Regular Expressions

Regular expression is essentially a string that is used to describe or match a set of strings, according to certain syntax rules.

Regular Expression Examples

So what does a regular expression look like?  It can be as simple as a string of characters to search for an exact match to "abc"

RE: {abc}

Or a builtin escape string that searches for all sequences of non-whitespace in a string

RE: {\S+}

Or a set of ranges of characters that search for all three lowercase letter combinations

RE: {[a-z][a-z][a-z]}

Or even a sequence of numbers representing a credit card number.

{(?:3[4|7]\d{13})|(?:4\d{15})|(?:5[1-5]\d{14})|(?:6011\d{12})}

Regular expressions are fairly resource intensive and in most cases there are faster, more efficient, alternatives available.  There are the rare cases, such as the Credit Card scrubber iRule, that would be very difficult to implement with string searches.  But, for most other cases, we highly suggest you search for alternate methods.  

If you are thinking about using regular expressions to do straight string comparisons, instead make use of the "equals", "contains", "starts_with", and "ends_with" iRule operators.  Not only will they perform significantly faster, they will do the exact same thing. 

Here's an example:

BAD: if { [regexp {bcd} "abcde"] } {
BAD: if { "abcde" matches_regex "bcd" } {
BETTER: if { [string match "*bcd*" "abcde"] } {
BEST: if { "abcde" contains "bcd" } {

 

Related Content

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request