Description
- iRule Editor: customer-facing editor in the Silverline Portal
- displays SOC-provided iRules
- gives you the ability to create your own iRules based on a subset of overall iRule functionality.
- Once you have created an iRule, and attached to a given Proxy, the SOC will ensure the iRule is deployed to production.
- F5 will be adding to its catalog of iRules over time.
- Depending on the iRule it may, or may not, require additional Data Table information.
Note: The iRule contains a High Speed Logging provision, which ensures proper statistics, such as iRule trigger counts, are available via the Portal.
Environment
- Silverline DDoS
- Silverline WAF
- iRules
Procedure
- Navigate in the Silverline Portal to Config > iRule Management
- iRule Management shows a list of iRules, both SOC-provided (DDoS and Managed WAF customers only) and those created by Portal users.
- To create a new iRule, select Add from the top right corner.
- Fill in a name for the iRule
- The iRule editor allows for the following actions when a match is made against the defined criteria:
- Drop frame
- TCP Close Connection
- Allow (log only)
- As it can be seen above, elements of the HTTP payload and header can be used, including URI, Method and Header. These can be matched against anything specified in the "Matches" box according to:
- Starts with
- Ends with
- RegEx (Regular Expression)
- Equals
- Matches
- Contains
- When finished, click Save.
Help with Regular Expressions
Regular expression is essentially a string that is used to describe or match a set of strings, according to certain syntax rules.
Regular Expression Examples
So what does a regular expression look like? It can be as simple as a string of characters to search for an exact match to "abc"
RE: {abc}
Or a builtin escape string that searches for all sequences of non-whitespace in a string
RE: {\S+}
Or a set of ranges of characters that search for all three lowercase letter combinations
RE: {[a-z][a-z][a-z]}
Or even a sequence of numbers representing a credit card number.
{(?:3[4|7]\d{13})|(?:4\d{15})|(?:5[1-5]\d{14})|(?:6011\d{12})}
Regular expressions are fairly resource intensive and in most cases there are faster, more efficient, alternatives available. There are the rare cases, such as the Credit Card scrubber iRule, that would be very difficult to implement with string searches. But, for most other cases, we highly suggest you search for alternate methods.
If you are thinking about using regular expressions to do straight string comparisons, instead make use of the "equals", "contains", "starts_with", and "ends_with" iRule operators. Not only will they perform significantly faster, they will do the exact same thing.
Here's an example:
BAD: if { [regexp {bcd} "abcde"] } {
BAD: if { "abcde" matches_regex "bcd" } {
BETTER: if { [string match "*bcd*" "abcde"] } {
BEST: if { "abcde" contains "bcd" } {