P e r f o r m a n c eb y D e s i g n AX Series™ Advanced Traffic Manager aFleX Scripting Language Reference Document No.: D-030-01-00-0007 aFleX Engine Ver. 2.0 6/21/2010 Headquarters A10 Networks, Inc. 2309 Bering Dr. San Jose, CA 95131-1125 USA Tel: +1-408-325-8668 (main) Tel: +1-408-325-8676 (support - worldwide) Tel: +1-888-822-7210 (support - toll-free in USA) Fax: +1-408-325-8666 www.a10networks.com © A10 Networks, Inc. 6/21/2010 - All Rights Reserved Information in this document is subject to change without notice. Trademarks: A10 Networks, the A10 logo, ACOS, aFleX, aXAPI, IDaccess, IDsentrie, IP-to-ID, SoftAX, Virtual Chassis, and VirtualN are trademarks or registered trademarks of A10 Networks, Inc. All other trademarks are property of their respective owners. Patents Protection: A10 Networks products including all AX Series products are protected by one or more of the following US patents and patents pending: 7716378, 7675854, 7647635, 7552126, 20090049537, 20080229418, 20080040789, 20070283429, 20070271598, 20070180101 A10 Networks Inc. software license and end users agreement Software for all AX Series products contains trade secrets of A10 Networks and its subsidiaries and Customer agrees to treat Software as confidential information. Anyone who uses the Software does so only in compliance with the terms of this Agreement. Customer shall not: 1) reverse engineer, reverse compile, reverse de-assemble or otherwise translate the Software by any means 2) sublicense, rent or lease the Software. Disclaimer The information presented in this document describes the specific products noted and does not imply nor grant a guarantee of any technical performance nor does it provide cause for any eventual claims resulting from the use or misuse of the products described herein or errors and/or omissions. A10 Networks, Inc. reserves the right to make technical and other changes to their products and documents at any time and without prior notification. No warranty is expressed or implied; including and not limited to warranties of noninfringement, regarding programs, circuitry, descriptions and illustrations herein. Environmental Considerations Some electronic components may possibly contain dangerous substances. For information on specific component types, please contact the manufacturer of that component. Always consult local authorities for regulations regarding proper disposal of electronic components in your area. Further Information For additional information about A10 products, terms and conditions of delivery, and pricing, contact your nearest A10 Networks, Inc. location which can be found by visiting www.a10networks.com. AX Series - aFleX Scripting Language - Reference About This Document Obtaining Technical Assistance For all customers, partners, resellers, and distributors who hold valid A10 Networks Regular and Technical Support service contracts, the A10 Networks Technical Assistance Center provides support services online and over the phone. Corporate Headquarters A10 Networks, Inc. 2309 Bering Dr. San Jose, CA 95131-1125 USA Tel: +1-408-325-8668 (main) Tel: +1-888-822-7210 (support – toll-free in USA) Tel: +1-408-325-8676 (support – direct dial) Fax: +1-408-325-8666 www.a10networks.com Collecting System Information The AX device provides a simple method to collect configuration and status information for Technical Support to use when diagnosing system issues. To collect system information, use either of the following methods. USING THE GUI (RECOMMENDED) 1. 2. 3. 4. 5. 6. 7. Log into the GUI. Select Monitor > System > Logging. On the menu bar, click Show Tech. Click Export. The File Download dialog appears. Click Save. The Save As dialog appears. Navigate to the location where you want to save the file, and click Save. Email the file as an attachment to
[email protected]. P e r f o r m a n c e D e s i g n Document No.: D-030-01-00-0007 - aFleX Engine Ver. 2.0 6/21/2010 b y 3 of 166 Enable logging in your terminal emulation application. Enter the enable command to access the Privileged EXEC mode of the CLI. 2. Note: As an alternative to saving the output in a log file captured by your terminal emulation application. 4. Log into the CLI. 6.0 6/21/2010 . 3.com. you can export the output from the CLI using the following command: show techsupport export [use-mgmt-port] url (For syntax information. 2. see the AX Series CLI Reference. Enter your enable password at the Password prompt. 5.aFleX Engine Ver. please also provide the following information: • Windows platform (XP/Vista/Windows) • Service pack level • Problem description • Copy of the aFleX script (if applicable) 4 of 166 P e r f o r m a n c e b y D e s i g n Document No. save the output in a file.aFleX Scripting Language . After the command output finishes. Enter the show techsupport command.) Additional Information Required In addition to the AX device information gathered using the procedures above. to capture output generated by the CLI.Reference About This Document USING THE CLI 1.AX Series .: D-030-01-00-0007 . Email the file as an attachment to support@A10Networks. 3 or later.Reference About This Document About This Document This document describes the aFleX inline scripting engine and aFleX Policy Editor. used with the A10 Networks AX Series™ Advanced Traffic Manager.AX Series . These documents are included on the documentation CD shipped with your AX Series system.: D-030-01-00-0007 . The AX Series Advanced Core Operating System (ACOS) accelerates and secures critical business applications. 2. and also are available on the A10 Networks support site: • AX Series Installation Guide • AX Series Configuration Guide • AX Series GUI Reference • AX Series CLI Reference • AX Series MIB Reference • AX Series aXAPI Reference System Description – The AX Series FIGURE 1 The AX Series™ Advanced Traffic Manager The AX Series is the industry’s best performing application acceleration switch that helps organizations scale and maximize application availability through the world’s most advanced application delivery platform.aFleX Scripting Language . Additional information is available for AX Series systems in the following documents.0 6/21/2010 b y 5 of 166 . Note: The commands and options described in this edition are supported with AX Release 2.4.aFleX Engine Ver. provides the highest performance and P e r f o r m a n c e D e s i g n Document No. and establishes a new industry-leading price/performance For more detailed information. 2.: D-030-01-00-0007 .aFleX Engine Ver. specifically for reference in authoring and implementing aFleX policy scripts and using aFleX Policy Editor.0 6/21/2010 . see “Introduction” on page 13. Audience This document is intended for use by system administrators for provision and maintenance of the A10 Networks AX Series. 6 of 166 P e r f o r m a n c e b y D e s i g n Document No.aFleX Scripting Language .Reference About This Document reliability.AX Series . .................... 21 aFleX Events ................................................................................AX Series ...................................................................................................................................... 39 Scripting Functions ............................... 21 aFleX Operators ................................................................................................................................................................................................................................................... 17 aFleX Processing Order ............. 43 P e r f o r m a n c e D e s i g n Document No......................................................................................................................................................................................................... 16 Example: a Simple aFleX Script ................................................................................ 40 Installing and Starting aFleX Policy Editor ......................................................................... 42 Create an aFleX Script ..................................................................... 42 aFleX Templates .............. 24 Examples .................................................................................................................................................................... 6 aFleX Basics 15 Overview........ 42 Editing aFleX Scripts – Getting Started...................... 16 aFleX Policy Editor .......................................................................................................................................................................................... 3 Additional Information Required.................................................................................................................................................................... 15 Advantages of Using aFleX Policies ...................................................................aFleX Scripting Language .......................................................... 19 aFleX Context – Clientside or Serverside .................................................................... 16 aFleX Configuration Prerequisites ....................................................................................................................................................... 39 aFleX Policy Editor ........................................................... 2............................................................... 19 Tcl Symbols ............................................................................ 4 About This Document 5 System Description – The AX Series .............................................................................................................................................................................................................................................aFleX Engine Ver.................................... 18 aFleX Syntax ............................................................................................................................... 19 Disabled Tcl Commands ........................................................... 18 Maximum Filesize of aFleX Scripts .............................. 41 aFleX Policy Editor Features ................................................: D-030-01-00-0007 ........................................................................................................................................................................................................ 5 Audience.................................................................................. 20 aFleX Script Components .......................................................0 6/21/2010 b y 7 of 166 .................................. 26 aFleX Policy Editor 39 Overview......................................................................................................................................................................................................................................................................Reference Contents Obtaining Technical Assistance 3 Collecting System Information................... 23 aFleX Commands .................................................... 17 When aFleX Policy Changes Take Effect ...................................... 24 Command Summary by Type ............................................................ ............ 55 Set Text Color .......................... 54 Options Menu Functions .........................................................................................................................................................................................: D-030-01-00-0007 ...................................................... 50 Exit ................................................................................................................................................................................. 54 View Output Window .......................................................................................................................................................................................................... 2.............0 6/21/2010 ............................................................................................... 52 View Menu Functions .......................................................................................................................... 45 Menu Functions............................................................. 47 File Functions ........................... 55 Set Comment Color ............................................................. 53 View Indention Guides .............................................................................................................................................................................................................................................................................................................................................................................. 53 View White Space ......................................................................................................................................................................................Reference Contents Connect to an AX Device – aFleX File Transfer ....................................................................................................................................................................................................aFleX Engine Ver....................................47 Overview ...................................................................................................................................aFleX Scripting Language ......................................................................................................................... 55 Set Background Color .......................... 51 Replace ...................................................... 51 Find / Find Next / Find Previous ........................................................................................................................................... 47 Connect AX / Disconnect AX ............................................................................. 49 Rename ........................ 55 8 of 166 P e r f o r m a n c e b y D e s i g n Document No................................................................................................... 50 Cut / Copy / Paste / Delete ........................................................... 53 View Margin ..................................................................................................................... 50 Select All ................................................................................................................................................................ 54 View Status Bar .................................................................................................................................................................................................................................................................................................................................................................. 55 Set Keyword Color .......................... 53 View Fold Margin ............................. 45 View aFleX Scripts .................... 49 Export ........................................................................................................................................... 55 My Last Setting .................................................... 48 Download ....... 48 Delete Rule ..................................................................................... 54 View Book Marks ............ 48 Upload ............................................................................................................................................................................................................................................................ 55 Set Line Number Color ...................................................................................................................... 47 New aFleX ............................................................... 49 Import ................................................. 55 Font ............................AX Series ........................................................................................................... 50 Undo / Redo ........................................................................................................................................................................... 49 Save ........................................................................................................................................................... 50 Search Menu Functions .................................................... 54 View End of Line ................................................................................................................................................................................................................................ 53 View Word Wrap .................................................................................................... 51 Go to Line ................................................................................... 50 Edit Menu Functions ............................................................................... 53 View Line Number ............................................................................................................................................................................................................ 49 Reset .................................................... AX Series - aFleX Scripting Language - Reference Contents Help Menu Functions ........................................................................................................................... 56 About aFleX Editor ....................................................................................................................... 56 Other aFleX Policy Editor Functions .................................................................................................. 56 Drag and Drop File Function ....................................................................................................... 56 Status Window .............................................................................................................................. 56 Importing and Binding aFleX Scripts 57 Using the CLI......................................................................................................................................... 57 Using the GUI ........................................................................................................................................ 61 aFleX Policy Examples 63 Simple aFleX Policy.............................................................................................................................. 63 Redirecting HTTP Requests ................................................................................................................ 63 Data Persistence................................................................................................................................... 65 Command Reference 67 Events.................................................................................................................................................... 67 Global Events ................................................................................................................................ 67 RULE_INIT .................................................................................................................................. 67 HTTP Events .................................................................................................................................. 68 HTTP_REQUEST ........................................................................................................................ 68 HTTP_REQUEST_DATA ............................................................................................................ 69 HTTP_REQUEST_SEND ............................................................................................................ 69 HTTP_RESPONSE ..................................................................................................................... 70 HTTP_RESPONSE_CONTINUE ................................................................................................ 70 HTTP_RESPONSE_DATA ......................................................................................................... 70 IP, TCP, and UDP Events ............................................................................................................. 71 CLIENT_ACCEPTED .................................................................................................................. 71 CLIENT_CLOSED ....................................................................................................................... 72 CLIENT_DATA ............................................................................................................................ 72 LB_FAILED ................................................................................................................................. 73 LB_SELECTED ........................................................................................................................... 74 SERVER_CLOSED ..................................................................................................................... 74 SERVER_CONNECTED ............................................................................................................. 74 SERVER_DATA .......................................................................................................................... 74 SSL Events .................................................................................................................................... 75 CLIENTSSL_CLIENTCERT ........................................................................................................ 75 CLIENT_HANDSHAKE ............................................................................................................... 75 P e r f o r m a n c e D e s i g n Document No.: D-030-01-00-0007 - aFleX Engine Ver. 2.0 6/21/2010 b y 9 of 166 AX Series - aFleX Scripting Language - Reference Contents Operators ...............................................................................................................................................76 Relational Operators .................................................................................................................... 76 contains ....................................................................................................................................... 76 ends_with .................................................................................................................................... 76 equals ......................................................................................................................................... 77 matches ...................................................................................................................................... 77 matches_regex ........................................................................................................................... 78 starts_with ................................................................................................................................... 78 switch .......................................................................................................................................... 79 Logical Operators ......................................................................................................................... 81 and .............................................................................................................................................. 81 not ............................................................................................................................................... 81 or ................................................................................................................................................. 82 Commands.............................................................................................................................................83 GLOBAL Commands .................................................................................................................... 83 active_members .......................................................................................................................... 83 b64decode .................................................................................................................................. 83 b64encode .................................................................................................................................. 84 clientside ..................................................................................................................................... 84 client_addr .................................................................................................................................. 84 client_port ................................................................................................................................... 85 cpu .............................................................................................................................................. 85 detach ......................................................................................................................................... 86 discard ........................................................................................................................................ 86 dnat ............................................................................................................................................. 86 domain ........................................................................................................................................ 87 drop ............................................................................................................................................. 87 encoding ..................................................................................................................................... 88 event ........................................................................................................................................... 88 findstr .......................................................................................................................................... 88 getfield ........................................................................................................................................ 89 htonl ............................................................................................................................................ 90 htons ........................................................................................................................................... 90 http_cookie .................................................................................................................................. 91 http_header ................................................................................................................................. 91 http_host ..................................................................................................................................... 91 http_method ................................................................................................................................ 92 http_uri ........................................................................................................................................ 92 http_version ................................................................................................................................ 92 ip_protocol .................................................................................................................................. 92 ip_tos .......................................................................................................................................... 93 local_addr ................................................................................................................................... 93 log ............................................................................................................................................... 93 10 of 166 P e r f o r m a n c e b y D e s i g n Document No.: D-030-01-00-0007 - aFleX Engine Ver. 2.0 6/21/2010 AX Series - aFleX Scripting Language - Reference Contents md5 ............................................................................................................................................. 94 node ............................................................................................................................................ 95 ntohl ............................................................................................................................................. 95 ntohs ............................................................................................................................................ 95 persist .......................................................................................................................................... 96 pool .............................................................................................................................................. 98 redirect ........................................................................................................................................ 99 reject ............................................................................................................................................ 99 remote_addr .............................................................................................................................. 100 serverside .................................................................................................................................. 100 server_addr ............................................................................................................................... 100 server_port ................................................................................................................................ 101 session ...................................................................................................................................... 101 set encode ................................................................................................................................. 102 sha1 ........................................................................................................................................... 102 snatpool ..................................................................................................................................... 103 substr ......................................................................................................................................... 104 virtual ......................................................................................................................................... 105 when .......................................................................................................................................... 105 LB Commands ............................................................................................................................ 106 LB::down ................................................................................................................................... 106 LB::reselect ............................................................................................................................... 106 LB::status node ......................................................................................................................... 110 LB::status pool ........................................................................................................................... 111 HTTP Commands ........................................................................................................................ 112 HTTP::close ............................................................................................................................... 112 HTTP::collect ............................................................................................................................. 112 HTTP::cookie ............................................................................................................................. 114 HTTP::fallback ........................................................................................................................... 117 HTTP::header ............................................................................................................................ 117 HTTP::host ................................................................................................................................ 119 HTTP::is_keepalive ................................................................................................................... 119 HTTP::is_redirect ...................................................................................................................... 119 HTTP::method ........................................................................................................................... 120 HTTP::path ................................................................................................................................ 120 HTTP::payload .......................................................................................................................... 121 HTTP::query .............................................................................................................................. 122 HTTP::redirect ........................................................................................................................... 123 HTTP::release ........................................................................................................................... 123 HTTP::request ........................................................................................................................... 124 HTTP::request_num .................................................................................................................. 124 HTTP::respond .......................................................................................................................... 125 HTTP::retry ................................................................................................................................ 126 HTTP::status ............................................................................................................................. 126 P e r f o r m a n c e D e s i g n Document No.: D-030-01-00-0007 - aFleX Engine Ver. 2.0 6/21/2010 b y 11 of 166 .............................................................................................................................................. 145 SSL::cert .................................................................................................................................................................................................................................. 149 X509::serial_number .................................................................... 129 IP::protocol ................................................. 151 X509::version ....................................................................................... 128 IP::addr .............................................................. 148 X509::issuer ......................................aFleX Scripting Language ................................................................... 127 HTTP::version ........................... 130 IP::remote_addr ..............................: D-030-01-00-0007 ...................................................... 134 SIP Commands .................................................................................................................................................................................................................................................................... 134 SIP::from .................. 131 IP::stats ..................................................................................................................................................................................................................................................................................... 150 X509::subject ...........................................0 6/21/2010 ......................................................................................................................................................... 133 IP::version ....................................... 128 IP::client_addr ...................... 148 X509::not_valid_after ........................................................................................................................................... 137 SIP::via ....................... 151 12 of 166 P e r f o r m a n c e b y D e s i g n Document No................................................................................................................................................................................................................................................................... 145 POLICY::bwlist id ........................................................ 131 IP::server_addr ...................................................................................................... 132 IP::tos .................................................................................................................................................................. 145 SSL and X509 Commands ......................................................................................................................... 137 SIP::uri .................................................................................................................................................................................................Reference Contents HTTP::uri ....................................................................................................................................................... 2......................................................................................................................................................................... 136 SIP::response ................................................................................................................................................................................................................................................................................................................................................................ 147 SSL::verify_result .........................................aFleX Engine Ver....... 133 IP::ttl ............................................................ 137 SIP::to ................ 147 SSL::sessionid ..............AX Series ..................................................................................................... 146 SSL::cert mode ... 139 Policy-Based SLB Commands ................................................ 135 SIP::header ................................................. 149 X509::not_valid_before ......................................................................... 138 SIP Command Examples ......................................................................... 145 SSL::cert count .............................................................. 135 SIP::header insert ......................................................................... 128 IP Commands .......................................................................................................................................................................................................................................................................................................................................................... 136 SIP::respond ............................................................................................................................................................................................................................................................................................ 150 X509::verify_cert_error_string ............................................................................. 146 SSL::cert issuer ..................................... 129 IP::local_addr .................................................................................................................................................................... 134 SIP::call_id ............................... 135 SIP::method .............................................................................................. ..................................................................................................................................................................................................................................................................................................................................0 6/21/2010 b y 13 of 166 ........................................... 2.............. 159 TIME Commands .........................................................................................................................................................................................................................................................................................................................................................................................................................Reference Contents STATS Commands ................................................................................. 157 TCP::offset ........................................................................................................................................... 160 UDP Commands ....................: D-030-01-00-0007 ..................................................................................................................... 155 TCP::close .................................................................................... 156 TCP::mss ....................................................................................................................... 163 UDP::server_port ............................................................................................................................ 158 TCP::remote_port ..................................................................................................................................................................................................................... 161 UDP::mss .............................................................aFleX Scripting Language .................................. 161 UDP::client_port ............................................................................................................................................................................................................................................. 159 TCP::server_port ...................... 155 TCP::client_port .............................. 153 TCP Commands ........ 152 STATS::clear ......................... 160 TIME::clock .................................................................................................................................................................. 164 P e r f o r m a n c e D e s i g n Document No........................AX Series ...... 160 use .......................... 163 UDP::remote_port ........................................................................................................................ 156 TCP::local_port ............................................................................................................................................................................................................... 158 TCP::release ................................ 157 TCP::payload ......... 161 UDP::local_port .......................................... 162 UDP::payload .........................................................................aFleX Engine Ver................................................................................................................................. 152 STATS::get .................................... 155 TCP::collect ................... AX Series . 2.aFleX Scripting Language .: D-030-01-00-0007 .Reference Contents 14 of 166 P e r f o r m a n c e b y D e s i g n Document No.0 6/21/2010 .aFleX Engine Ver. For an aFleX policy to work. The aFleX scripting language is based on the Tool Command Language (Tcl) programming standard for simplicity and familiarity. it must be bound to a virtual port on the AX device. FIGURE 2 aFleX overview P e r f o r m a n c e D e s i g n Document No. redirect).: D-030-01-00-0007 .0 6/21/2010 b y 15 of 166 . 2.Reference aFleX Basics .Overview aFleX Basics Overview The aFleX scripting language is a powerful inline custom scripting engine that provides in-depth. Then the aFleX policy can make policy decisions by inspecting the payload packets from all traffic going through the virtual port.aFleX Engine Ver. granular control of inspection and redirection policies (filter.AX Series .aFleX Scripting Language . drop. 16 of 166 P e r f o r m a n c e b y D e s i g n Document No.aFleX Engine Ver. You also can create aFleX scripts using the AX GUI or a third-party text editor. save the script in Unicode UTF-8 format.Reference aFleX Basics .aFleX Scripting Language . • aFleX policies can redirect traffic to a group of servers bound to a vir- tual port. You can use the AX GUI or another editor to create the aFleX file. providing backwards compatibility for customized solutions. If you plan to create aFleX scripts in the AX GUI. Use the AX GUI or a third-party editor instead. Japanese). configure the browser so that you can view UTF-8 encoding. Example: a Simple aFleX Script when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr] equals 10. 2. select View > Encoding > Unicode. supporting both simple and sophisticated content-switching needs. • aFleX policies can search packet headers or even the actual packet con- tent.10] } { pool my_pool } } aFleX Policy Editor The aFleX Policy Editor makes it easy to write an aFleX script (see “aFleX Policy Editor” on page 39).: D-030-01-00-0007 . and direct packets based on the search results. In Internet Explorer. set the language in the GUI as Unicode (UTF-8). Note: To create an aFleX script in a non-English language (for example.Overview Advantages of Using aFleX Policies aFleX policies allow you to exercise more granular control of packet inspection and traffic load balancing. • aFleX policies provide complete flexibility.0 6/21/2010 .10. or to individual ports and URIs on a specific pool member (server).10. To set the language in the GUI to UTF-8. The A10 aFleX Policy Editor does not support UTF-8 format in the current release. • aFleX policies can maintain persistence • Tcl scripts created using leading competitors’ scripting engines often can be easily converted into aFleX scripts. to one specific server in a pool (service group).AX Series . aFleX commands that change the HTTP header or payload are not supported.Reference aFleX Basics . Layer 7 server selection – Service group P e r f o r m a n c e D e s i g n Document No. • Once an aFleX policy is bound to a virtual port. Example: If an aFleX policy includes the event declaration CLIENT_ACCEPTED. Layer 7 server selection – Other templates 5. Example: If the aFleX policy includes an event declaration for HTTP_REQUEST. • The virtual port must be processing the application type that the Event Declaration in the aFleX policy is triggering on. Layer 4 server selection 2. Note: For virtual port type fast-HTTP. In other words.Overview aFleX Configuration Prerequisites • For an aFleX policy to take effect. except cookie persistence templates.aFleX Scripting Language . • If no aFleX policy is assigned to the virtual port. you must bind it to a virtual port on the AX device. Layer 7 server selection – aFleX policy 4.0 6/21/2010 b y 17 of 166 . the AX device will continue to redirect traffic to the default server pool (SLB service group) assigned to the virtual port. aFleX policies have higher priority than most templates.aFleX Engine Ver.: D-030-01-00-0007 . Layer 7 server selection – Cookie persistence template 3. aFleX Processing Order Only one aFleX policy can be assigned to a virtual port. then the policy can only bind to the virtual port that can process HTTP traffic. then the policy is triggered whenever the AX device accepts a client request. 2. Here is the complete processing order: 1. the policy is triggered whenever the AX device encounters the Event Declaration.AX Series . the virtual port’s service type must be fast-http or http. For example. but the aFleX policy chooses another server.0 6/21/2010 . if you change an aFleX policy that is already bound to a virtual port. if you bind an aFleX policy to a virtual port on which some traffic sessions are already active. the maximum filesize supported on an AX device for an aFleX script is 32 Kbytes. the traffic is directed to server20. When aFleX Policy Changes Take Effect aFleX policy changes do not affect traffic that is already active on a virtual port. the traffic ultimately will be directed to server30. To change the maximum aFleX file size. The active sessions are still processed using the aFleX policy as it was before the changes.Overview Example: A virtual port is bound to an aFleX policy and two application templates.Reference aFleX Basics . Both the URL switching template and the aFleX policy are applicable to a client’s traffic. Maximum Filesize of aFleX Scripts By default.aFleX Scripting Language . the aFleX policy does not affect those sessions. The URL switching template chooses server server10. server20.aFleX Engine Ver. On the AX device. The policy changes apply only to sessions that begin after the policy changes are saved. the changes do not apply to sessions that are active when you change the policy. to 16-256 Kbytes.AX Series . However. a URL switching template and a cookie persistence template. Since the aFleX policy has higher priority.: D-030-01-00-0007 . The aFleX policy only affects sessions that begin after the aFleX policy is applied to the virtual port. if the cookie persistence template selects server30. use the following command at the global configuration level of the CLI: [no] aflex max-filesize KBytes 18 of 166 P e r f o r m a n c e b y D e s i g n Document No. 2. you can change the maximum script size. Likewise. aFleX Engine Ver.0 6/21/2010 19 of 166 . Backslash substitution/escape or statement continuation. the following Tcl commands are disabled in the aFleX syntax. after auto_execok auto_import auto_load P e r f o r m a n c e exec exit fblocked fconfigure b y interp load memory namespace seek socket source tcl_findLibrary D e s i g n Document No.org/wiki/Programming:Tcl Disabled Tcl Commands For security. 2. By default.aFleX Syntax aFleX Syntax An aFleX script is a Tcl-like script. Namespace path separator for variables or commands.Reference aFleX Basics . Example: $argv0 could be replaced by /usr/bin/somescript. Substitution still occurs.sourceforge. : : Tcl Symbols Supported in aFleX Policies Description Variable substitution.net/doc/tcl/index. Example: [pwd] could be replaced by /home/joe Word grouping with substitutions.tcl Subcommand substitution. see the following: http://tmml. Word grouping without substitutions.wikibooks. Tcl Symbols The Tcl symbols listed in Table 1 have special meanings. $user is not replaced. Example: {you are $user} is one word.AX Series .html http://en. You cannot use these commands in aFleX scripts. Example "you are $user" is one word.: D-030-01-00-0007 . Statement separator.aFleX Scripting Language . a statement ends with the end of the line. TABLE 1 Delimiter $ [ ] “ “ { } \ # . Example: ::foo::bar For information about standard Tcl syntax. Comment. This symbol can be used only at the beginning of a statement. aFleX Engine Ver.Reference aFleX Basics .AX Series . • Key words: “clientside” or “serverside” • Only specify the context keywords if you want to change default con- text.1.80 ] pool my_pool } } } { To change the default context of any aFleX script.: D-030-01-00-0007 .1. when CLIENT_ACCEPTED { if { [IP::addr [IP::remote_addr] equals 10.80 ] } { pool my_pool2 } } 20 of 166 P e r f o r m a n c e b y D e s i g n Document No. Example: This aFleX policy switches the remote_addr field to the clientside from the default serverside association with the SERVER_CONNECTED event.aFleX Syntax auto_mkindex auto_mkindex_old auto_qualify auto_reset bgerror cd close eof fcopy file fileevent filename flush gets glob http open package pid pkg::create pkg_mkIndex proc pwd rename tell unknown update uplevel upvar vwait aFleX Context – Clientside or Serverside aFleX scripts support context for specifying either client or server side: • Each event has a default context of either client-side or server-side. Because CLIENT_ACCEPTED has a default context of clientside. Example: This aFleX script uses the default CLIENT side association to the REMOTE_ADDR. 2.0 6/21/2010 . when CLIENT_ACCEPTED { if { [IP::addr [clientside {IP::remote_addr}] equals 10. use the clientside or serverside key words.aFleX Scripting Language .1.1. the remote_addr field is automatically assigned to clientside. if an aFleX policy is configured to be triggered by the HTTP_REQUEST event.AX Series . 2.1.80 ] pool my_pool } } } { P e r f o r m a n c e D e s i g n Document No.1.Reference aFleX Basics .aFleX Script Components aFleX Script Components aFleX scripts consist of the following element types: • Events • Operators • Commands aFleX Events aFleX scripts are event-driven.: D-030-01-00-0007 . the AX device triggers the aFleX policy when an HTTP request is received. For example. Event declarations are made with the “when” keyword followed by the event name. Example: } when CLIENT_ACCEPTED { if { [IP::addr [IP::remote_addr] equals 10.0 6/21/2010 b y 21 of 166 .aFleX Engine Ver.aFleX Scripting Language . The AX device triggers an aFleX policy based on a specified event. CLIENT_DATA Triggered when a client receives new data while the connection is in collect state. HTTP HTTP_REQUEST Triggered when the AX device fully parses a complete client request header. TCP. SERVER_DATA Triggered when the AX device has received new data from the target node while the connection is in hold state.: D-030-01-00-0007 .0 6/21/2010 .aFleX Engine Ver.aFleX Script Components Table 2 lists the event declarations supported in aFleX policies. TABLE 2 aFleX Event Declarations Event Name and Description Event Type Global IP. CLIENT_CLOSED Triggered when the client-side connection closes. LB_SELECTED Triggered when the system selects a pool member. SERVER_CLOSED Triggered when the server side connection closes.AX Series . for example. HTTP_REQUEST_DATA Triggered whenever the request receives new HTTP content data. UDP RULE_INIT Triggered when used in an aFleX policy. CLIENT_ACCEPTED Triggered when a client establishes a connection. LB_FAILED Triggered when the AX device can not select a node (server) for the incoming request. HTTP_RESPONSE_DATA Triggered whenever the AX device receives new HTTP content data from the response. Server-side event.Reference aFleX Basics . 2.aFleX Scripting Language . SERVER_CONNECTED Triggered when the AX device establishes a connection with the target node. HTTP_RESPONSE Triggered when the AX device parses all of the response status and header lines from the server response. 22 of 166 P e r f o r m a n c e b y D e s i g n Document No. HTTP_REQUEST_SEND Triggered immediately before a request is sent to a server. HTTP_RESPONSE_CONTINUE Triggered whenever the AX device receives a 100 Continue response from the server. if all nodes in the pool are down or all their connection limits have been reached. aFleX Script Components TABLE 2 aFleX Event Declarations (Continued) Event Name and Description Event Type SSL CLIENTSSL_CLIENTCERT Triggered when an SSL client certificate is received. ends_with Tests whether one string (string1) ends with another string (string2). P e r f o r m a n c e D e s i g n Document No. Logical and Performs a logical “and” comparison between two values.: D-030-01-00-0007 . depending on a given value. not Performs a logical “not” on a value. matches_regex Tests whether one string matches a regular expression. aFleX Operators aFleX policies use operators to compare operands in an expression. Table 3 lists the operators supported in aFleX policies. equals Tests whether one string equals another string. TABLE 3 aFleX Operators Operator Name and Description Operator Type Relational contains Tests whether one string (string1) contains another string (string2).aFleX Scripting Language . switch Built-in Tcl command. starts_with Tests whether one string (string1) starts with another string (string2). CLIENTSSL_HANDSHAKE Triggered when an SSL handshake on the client side is completed. if all nodes in the pool are down or all their connection limits have been reached. 2. for example. LB_FAILED Triggered when the AX device can not select a node (server) for the incoming request. Evaluates one of several scripts. or Performs a logical “or” comparison between two values.0 6/21/2010 b y 23 of 166 .aFleX Engine Ver. matches Tests whether one string matches another string.Reference aFleX Basics .AX Series . TCP.aFleX Engine Ver.jpg" } { pool jpg_pool } } Example: Node Selection This aFleX script uses the “node” command to select one specific server to send the traffic to. • IP. when HTTP_REQUEST { if { [HTTP::uri] ends_with ".10 80 } } 24 of 166 P e r f o r m a n c e b y D e s i g n Document No. • Query commands: • IP packet header query – Returns information from the IP header.509 query – Returns information from or about certificates. • TCP header and content manipulation – Changes TCP headers or content.AX Series . • SSL and X. or UDP packet data query – Returns information from the payload. 2.: D-030-01-00-0007 .Reference aFleX Basics .aFleX Scripting Language . • HTTP packet header or content query – Returns information from the HTTP header or payload.aFleX Script Components aFleX Commands aFleX commands can perform the following types of operations: • Global – Performs actions such as selecting a pool (SLB service group) or node (server).gif" } { pool gif_pool } elseif { [HTTP::uri] ends_with ". • Header and content manipulation: • HTTP cookie manipulation – Changes cookies.168. • HTTP header and content manipulation – Changes HTTP headers or content. when HTTP_REQUEST { if { [HTTP::uri] ends_with ".gif" } { node 192.100.0 6/21/2010 . • Deep packet inspection – Returns strings from packets. Examples Example: Pool Selection This aFleX script uses the if command to determine which pool to send traffic to based on the file type “gif” or “jpg”. 0.Reference aFleX Basics . P e r f o r m a n c e D e s i g n Document No.aFleX Scripting Language . when CLIENT_ACCEPTED{ if { [IP::protocol] == 6 } { pool tcp_pool } else { pool slow_pool } } } Example: IP Packet Header Query – ToS Level This example shows the ToS field being inspected for clientside ToS value of “16”.168.: D-030-01-00-0007 . when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr] equals 192. when CLIENT_ACCEPTED { if { [IP::tos] == 16 } { pool tos16_pool } else { pool other_pool }} Example: TCP Query This aFleX script uses the payload field to check for the words XYZ or ABC to properly redirect traffic.168.AX Series .168_pool. 2.0/16 subnet direct to a special pool 192.0/16] } { pool 192.aFleX Script Components Example: IP Packet Header Query – IP Address This example shows that the traffic from client in 192.0.0 6/21/2010 b y 25 of 166 .aFleX Engine Ver.168_pool } else { pool other_pool } } Example: IP Packet Header Query – Protocol Number This example shows the protocol field being inspected for clientside protocol value of “6”. 3] =="ABC" } { pool abc_servers } else { pool web_servers } } Command Summary by Type Table 4 lists the aFleX commands according to the types of operations they perform. TABLE 4 Command Type Global aFleX Commands Command Name and Description active_members <pool_name> [partition shared] Returns the number of active members in the pool.aFleX Script Components when CLIENT_DATA { if { [TCP::payload] contains "XYZ" } { pool xyz_servers } elseif { [substr[TCP::payload] 50. encoded as base-64.0 6/21/2010 . where they are listed alphabetically. This statement must be conditionally associated with an if statement. see “Command Reference” on page 67. b64decode <string> Returns the specified string. clientside {<aFleX commands>} Causes the specified aFleX commands to be evaluated under the client-side context. cpu usage [1sec | 5secs | 15secs | 1min | 5mins | 15mins | all_seconds | all_minutes] Returns the average CPU load for the given interval.aFleX Scripting Language . For more information about the aFleX commands.aFleX Engine Ver. Returns NULL if there is an error. This command has no effect if the aFleX policy is already being evaluated under the client-side context. when you want the aFleX policy to act upon service groups in the shared partition instead. By default. detach Discontinues evaluating the aFleX event on a connection. dnat {disable | enable} Disables or enables destination NAT for the current connection. 2. the aFleX policy continues to run. decoded from base-64. The partition shared option causes the aFleX policy to act upon service groups in the shared partition instead. However. discard Causes the current packet or connection (depending on the context of the event) to be discarded. This option is useful in aFleX policies that are located in a private partition.AX Series . b64encode <string> Returns the specified string. Returns NULL if there is an error. The command overrides the behavior set by the no-dest-nat CLI command or equivalent GUI option on the virtual port. 26 of 166 P e r f o r m a n c e b y D e s i g n Document No. All averages are exponential weighted moving averages over the interval. this command acts upon the service groups (pools) located in the partition that contains the aFleX policy.Reference aFleX Basics .: D-030-01-00-0007 . event [<name>] [enable | disable] | [enable all | disable all] Discontinues evaluating the specified aFleX event.aFleX Scripting Language .AX Series . the aFleX script continues to run. ntohs <netshort> Converts the unsigned short integer from network byte order to host byte order. If not used appropriately. P e r f o r m a n c e D e s i g n Document No. md5 Returns the RSA MD5 Message Digest Algorithm message digest of the specified string. node <addr> [<port>] Causes the identified server node to be used directly. a log statement can produce large amounts of output.: D-030-01-00-0007 . drop Same as the discard command.aFleX Engine Ver. htons <hostshort> Converts the unsigned short integer from host byte order to network byte order. if { <expression> } {<statement_command>} elseif { <expression> } {<statement_command>} Asks a true or false question and. encoding {convertfrom | convertto} <encoding> Converts the character encoding of a payload to the specified encodiing. or all aFleX events. on a connection. thus bypassing any load-balancing. However. persist uie <string> [<timeout>] persist add uie <key> [timeout] persist lookup uie <key> [all | node | port | pool] persist delete uie <key> Configures persistence of clients with SLB resources. 2. htonl <hostlong> Converts the unsigned integer from host byte order to network byte order.0 6/21/2010 b y 27 of 166 .aFleX Script Components TABLE 4 Command Type Global (cont. Note: The maximum number of if statements that you can nest in an aFleX policy is 100. ntohl <netlong> Converts the unsigned integer from network byte order to host byte order. takes some action.Reference aFleX Basics . The statement does this by performing variable expansion on the message as defined for the Header Insert HTTP profile attribute. log [<facility> <level>} <message> Generates and logs the specified message to the Syslog facility. depending on the answer.) aFleX Commands (Continued) Command Name and Description domain <string> <count> Parses the specified string as a dotted domain name and returns the last <count> portions of the domain name. aFleX Engine Ver. Optionally. By default. this command acts upon the service groups (pools) located in the partition that contains the aFleX policy.) aFleX Commands (Continued) Command Name and Description pool <pool_name> [member<addr> [<port>]] [partition shared] Causes the AX device to load balance traffic to the named pool. Time Commands 28 of 166 P e r f o r m a n c e b y D e s i g n Document No.AX Series . return [<expression>] Terminates execution of the aFleX event and optionally return the result of evaluating <expression>. session lookup ssl <key> Searches the SSL table for information about the specified key. You can specify multiple when commands within a single aFleX script. If an SSL table already exists. in seconds or milliseconds.aFleX Scripting Language .Reference aFleX Basics . This command has no effect if the aFleX policy is already being evaluated under the server-side context. the <key> is the session ID and the data is the SSL verify_result or the SSL certificate. All aFleX events begin with a when command. virtual name Returns the name of the associated virtual server that the connection is flowing through. returning a reset as appropriate for the protocol. when <event_name> Specify an event in an aFleX script. This statement must be conditionally associated with an if statement. session delete ssl <key> Deletes an SSL entry. sha1 Returns the Secure Hash Algorithm version 1.aFleX Script Components TABLE 4 Command Type Global (cont. reject Causes the connection to be rejected. Generally.: D-030-01-00-0007 . snatpool <snatpool_name> Uses the specified pool of IP addresses as translation addresses to create a SNAT. you can specify a specific pool member to which you want to direct the traffic. the command adds an entry to the table. 2. This option is useful in aFleX policies that are located in a private partition. The partition shared option causes the aFleX policy to act upon service groups in the shared partition instead. serverside {<aFleX commands>} Causes the specified aFleX commands to be evaluated under the server-side context.0 (SHA1) message digest of the specified string. when you want the aFleX policy to act upon service groups in the shared partition instead. set encode "<encoding>" Sets the character encoding for data payloads. session add ssl <key> <data> [<timeout>] Creates a table to store SSL information. TIME::clock [seconds | milliseconds] Returns the system time.0 6/21/2010 . IP::local_addr Returns the local IP address of a connection. IP::protocol Returns the IP protocol value.aFleX Engine Ver. IP::ttl Returns the TTL of the current packet being acted upon. IP::version Return the version (e. IPv4/IPv6) of the current packet. This command is equivalent to the command clientside { IP::remote_addr }.0 6/21/2010 b y 29 of 166 . Returns 0 if no match. IP::remote_addr Returns the remote IP address of a connection. IP::server_addr Returns the server’s IP address. IP::stats {pkts in | pkts out | pkts | bytes in | bytes out | bytes | age} Supplies information about the number of packets or bytes being sent or received in a given connection.aFleX Script Components TABLE 4 aFleX Commands (Continued) Command Name and Description IP::addr <addr1>[/<mask>] equals <addr2>[/<mask>] Performs comparison of IP address/subnet/supernet to IP address/subnet/supernet. 1 for a match..AX Series . IP::client_addr Returns the client IP address of a connection.aFleX Scripting Language .Reference aFleX Basics . This command is equivalent to the command serverside { IP::remote_addr }. IP::tos Returns the value of the IP protocol’s Type of Service (ToS) field.g. 2. Command Type IP Packet Header Query P e r f o r m a n c e D e s i g n Document No.: D-030-01-00-0007 . aFleX Engine Ver. TCP::collect <length> Causes TCP to start collecting the specified amount of content data. TCP::local_port Returns the local TCP port/service number. UDP::remote_port Returns the remote’s UDP port/service number. TCP::release Causes TCP to resume processing the connection and flush collected data. Note: This command is equivalent to the command clientside {UDP::remote_port}.aFleX Scripting Language . Equivalent to the command serverside { TCP::remote_port }.Reference aFleX Basics . UDP::server_port Returns the server UDP port/service number. Note: This command is equivalent to the command serverside { UDP::remote_port }. UDP::payload [<size>] Returns the current UDP payload content. Equivalent to the command clientside { TCP::remote_port }. UDP::payload length Returns the amount of UDP payload content in bytes. TCP::client_port Returns the client’s TCP port/service number. 2. Command Type TCP Packet Header and Content Query UDP Packet Header and Content Query 30 of 166 P e r f o r m a n c e b y D e s i g n Document No. UDP::mss Returns the on-wire Maximum Segment Size (MSS) for a UDP connection. UDP::client_port Returns the client’s UDP port/service number. UDP::local_port Returns the local UDP port/service number. TCP::mss Returns the on-wire Maximum Segment Size (MSS) for a TCP connection. TCP::server_port Returns the server TCP port/service number. TCP::payload [<size>] Returns the accumulated TCP data content.: D-030-01-00-0007 .AX Series . TCP::offset Returns the position in the TCP data stream in which the collected TCP data starts.aFleX Script Components TABLE 4 aFleX Commands (Continued) Command Name and Description TCP::remote_port Returns the remote TCP port/service number.0 6/21/2010 . aFleX Scripting Language . You can omit the <value> argument if the header name does not collide with any of the subcommands. HTTP::header at <index> Returns the HTTP header that the system finds at the zero-based index value.aFleX Engine Ver. or pool. HTTP::fallback <host> Specifies or overrides the fallback host specified in the HTTP profile. STATS::clear server <server-name | ipaddr> [<port-num> <tcp | udp>] current-connection | total-connection | request-pkt | response-pkt [partition shared] Clears statistics for a node. HTTP::header names Returns a list of all the headers present on the request or response. HTTP::header count Returns the number of HTTP headers present on the request or response. HTTP::path [<string>] Returns the path part of the HTTP request. HTTP::status Returns the response status code. Load Balancing (LB) HTTP Packet Header and Content Query P e r f o r m a n c e D e s i g n Document No. LB::down Temporarily marks the current real port down for 30 seconds. HTTP::header [value] <name> Returns value of the HTTP header named <name>. 2.aFleX Script Components TABLE 4 Command Type Statistics aFleX Commands (Continued) Command Name and Description STATS::get server <server-name | ipaddr> [<port-num> <tcp | udp>] current-connection | total-connection | request-pkt | response-pkt [partition shared] Retrieves statistics for a node. HTTP::method Returns the type of HTTP request method.: D-030-01-00-0007 . HTTP::header exists <name> Returns true if the named header is present on the request or response. LB::status pool <pool_name> [member <ipaddr> [<port_num>]] [partition shared] Returns the health status of a pool. if specified) of the HTTP request.0 6/21/2010 b y 31 of 166 . LB::status node <ipaddr> [port <port_num> {tcp | udp}] Returns the health status of a node.Reference aFleX Basics . virtual server. virtual server. or pool. HTTP::host Returns the host name (and port.AX Series . LB::reselect [pool <pool-name> [<member>]] Reperforms server selection. starting at <offset> with <string>. Note: Use great caution when omitting the value of the content length. not including the HTTP headers.aFleX Script Components TABLE 4 aFleX Commands (Continued) Command Name and Description HTTP::version ["0. When the system collects the specified amount of data.AX Series . TCP::payload replace <offset> <length><data> Replaces collected payload with the given data. If you do not specify a size. TCP::collect <length> Causes TCP to start collecting the specified amount of content data. 2. HTTP::collect [<length>] Collects the amount of data that you specify with the [length] argument.9" | "1. doing so or using a value larger than the size of the actual length can stall the connection. HTTP::payload length Returns the size of the content that the command has collected thus far.0" | "1. TCP::release Causes TCP to resume processing the connection and to flush collected data.) TCP Header and Content Manipulation 32 of 166 P e r f o r m a n c e b y D e s i g n Document No. TCP::close Closes the connection. There is no need to use the HTTP::release command inside of the HTTP_REQUEST_DATA and HTTP_RESPONSE_DATA events. the data is implicitly released. Even though this is allowed in certain cases. HTTP::query [<string>] Returns the query part of the HTTP request. the system returns the collected content.aFleX Engine Ver. HTTP::close Inserts a Connection: Close header and close the HTTP connection.0 6/21/2010 . HTTP::payload <offset> <length> <string> Replaces the amount of content that you specified with the <length> argument.: D-030-01-00-0007 .Reference aFleX Basics . Command Type HTTP Packet Header and Content Query (cont.aFleX Scripting Language . since in these cases. it calls the Tcl event HTTP_REQUEST_DATA or HTTP_RESPONSE_DATA.1"] Returns the HTTP version of the request or response. HTTP::release Releases the collected data. HTTP::uri [<string>] Returns the complete URI of the request. HTTP::is_redirect Returns a true value if the response is a certain type of redirect. HTTP::is_keepalive Returns a true value if this is a Keep-Alive connection. HTTP::payload [<size>] Returns the content that the HTTP::collect command has collected thus far. 0 6/21/2010 b y 33 of 166 .v3. If the header is present. Note that this command sends the response to the client immediately. When the system runs the command on the client side. the command replaces the header. the content from the actual server is discarded and replaced with the information provided to this API. This command performs a header insertion if the header was not present. If you specify "lws". HTTP::redirect <url> Redirects a HTTP request or response to the specified URL. n2. Command Type HTTP Header and Content Manipulation P e r f o r m a n c e D e s i g n Document No. Note that because the system sends the response data immediately after this aFleX policy runs. n3. the command adds the header. HTTP::request_num Returns the number of HTTP requests that a client made on the connection.AX Series .Reference aFleX Basics . Therefore. the system adds linear white space to long header values. If you specify "lws". In such cases. you cannot specify this command multiple times in an aFleX. it sends the response to the client without any load balancing taking place.: D-030-01-00-0007 . v1. after you specify this command. nor can you specify any other commands that modify header or content. HTTP::header [value] <name> <string> Sets the value of the named header. v2. HTTP::header insert ["lws"] {n1. the system adds linear white space to long header values. the system treats the list as a list of name/ value pairs. HTTP::header remove <name> Removes the last occurrence of the named header from the request or response. HTTP::respond <status code> [content <content Value>] [<Header name> <Header Value>]+ This is a powerful API that allows users to generate or rewrite a client request or a server response. If the system runs the command on the server side.aFleX Scripting Language . otherwise. HTTP::header sanitize <header name>+ Removes all but the headers you specify. The exception to this is some essential HTTP headers. You can omit the <value> argument if the header name does not collide with any other values. we recommend that you not run any more aFleX policy after this API.aFleX Script Components TABLE 4 aFleX Commands (Continued) Command Name and Description HTTP::header insert ["lws"] <name> <value> Inserts the named HTTP header and its value into the end of the HTTP request or response. 2. HTTP::header replace <name> [<string>] Replaces the last occurrence of the named header with the string <string>.aFleX Engine Ver. …} Passes a Tcl list to insert into a header. aFleX Engine Ver.0 6/21/2010 .aFleX Script Components TABLE 4 aFleX Commands (Continued) Command Name and Description HTTP::cookie names Returns the names of all the cookies present in the HTTP header. HTTP::cookie [value] <name> [string] Sets or gets the cookie value of the given name. HTTP::cookie domain <name> [domain] Sets or gets the cookie domain. HTTP::cookie exists <name> Returns a true value if the cookie exists. HTTP::cookie count Returns the number of cookies present in the HTTP header.: D-030-01-00-0007 . HTTP::cookie ports <name> [portlist] Sets or gets the cookie port lists for V1 cookies. HTTP::cookie sanitize [attribute]+ Removes all but the specified attributes from the cookie. You can omit the value of this command if the cookie name does not collide with any of the other commands. HTTP::cookie version <name> [version] Sets or gets the version of the cookie. Command Type HTTP Cookie Manipulation – for Request Messages 34 of 166 P e r f o r m a n c e b y D e s i g n Document No.Reference aFleX Basics . HTTP::cookie path <name> [path] Sets or gets the cookie path. HTTP::cookie remove <name> Removes a cookie.AX Series .aFleX Scripting Language . The default value for the version is 0. 2. HTTP::cookie insert <name> <value> [path<path>] [domain <domain>] [version <0 | 1 | 2>] Adds or replaces a cookie. If you specify the absolute argument. HTTP::cookie remove <name> Removes a cookie. HTTP::cookie [value] <name> [string] Sets or gets the cookie value of the given name. cookies. 2. HTTP::cookie ports <name> [portlist] Sets/Gets the cookie port lists for Version 1 cookies. HTTP::cookie expires <name> [seconds] [absolute | relative] Sets or gets the expires attribute. HTTP::cookie commenturl <name> [commenturl] Sets or gets the comment URL.: D-030-01-00-0007 . HTTP::cookie insert <name> <value> [path] [domain] [version] Adds or replaces a cookie.aFleX Engine Ver. Applicable only to Version 1 cookies. HTTP::cookie version <name> [version] Sets or gets the version of the cookie. Applies to Version 0 cookies only. HTTP::cookie sanitize [attribute]+ Removes from the cookie all but the attributes you specify. the seconds value represents number of seconds since the UNIX epoch (January 1. HTTP::cookie domain <name> [domain] Sets/Gets the cookie domain. Command Type HTTP Cookie Manipulation – for Response Messages P e r f o r m a n c e D e s i g n Document No. which is the number of seconds from the current time. Applicable only to Version 1 cookies. HTTP::cookie discard <name> [enable | disable] Sets or gets the discard attribute. HTTP::cookie exists <name> Returns a true value if the cookie exists. 1970). Applicable only to Version 1 cookies. HTTP::cookie maxage <name> [seconds] Sets or gets the max-age. The default number of seconds is relative. HTTP::cookie secure <name> [enable | disable] Sets or gets the secure attribute. HTTP::cookie count Returns the number of cookies present in the HTTP header. HTTP::cookie path <name> [path] Sets or gets the cookie path.aFleX Script Components TABLE 4 aFleX Commands (Continued) Command Name and Description HTTP::cookie names Returns the names of all the cookies present in the HTTP header.aFleX Scripting Language . You can omit the value of this command if the cookie name does not collide with any of the other commands. The default value for the version is 0. HTTP::cookie comment <name> [comment] Sets or gets the cookie comment.AX Series . Applies to Version 1 cookies only.Reference aFleX Basics .0 6/21/2010 b y 35 of 166 . aFleX Script Components TABLE 4 aFleX Commands (Continued) Command Name and Description HTTP::request Returns a raw HTTP request. only the information at the specified index level is returned.aFleX Scripting Language . SIP::via [<index>] Gets the information in the SIP “via” header.Reference aFleX Basics . only the information at the specified index level is returned. Command Type HTTP Request SIP Header Query and Manipulation 36 of 166 P e r f o r m a n c e b y D e s i g n Document No. SIP::response phrase Gets the response phrase. if specified. SIP::call_id Returns the value of the Call-ID header in a SIP request. If you specify the <index>.AX Series . 2. SIP::header [<value>] “header-name” [<index>] Returns SIP header “header-name”. Without the <index> option. SIP::respond code <"phrase" <"header-name" "header-value">> Sends back a response with the specified code. The <value> option specifies the header value.: D-030-01-00-0007 . If you specify the <index>. SIP::uri Returns the complete URI of the request. the first instance of the header is acted upon by the aFleX policy. SIP::response code Gets the SIP response code.0 6/21/2010 . If you specify the <index>. SIP::from Returns the value of the “From” header in a SIP request. SIP::response rewrite code <phrase> Rewrites the response code and phrase. SIP::method Returns the type of the SIP request method. in cases where there are multiple header levels. SIP::via received [<index>] Gets the retrieved attribute of the SIP via at the specified index level. SIP::via proto [<index>] Gets the protocol part of the SIP via at the specified index level. The <index> option indicates the header to act upon. and header-name:header-value pair. HTTP::retry Resends an HTTP request to the server.aFleX Engine Ver. SIP::via sent_by [<index>] Gets the sent_by part of the SIP via at the specified index level. SIP::to Returns the value of the “To” header in the SIP request. If you specify the <index>. only the information at the specified index level is returned. only the information at the specified index level is returned. phrase. SIP::via ttl [<index>] Gets the TTL attribute of the SIP via at the specified index level. If you specify the <index>.Reference aFleX Basics .AX Series . only the information at the specified index level is returned. returns the result code of the peer certificate verification.509 certificate. only the information at the specified index level is returned. SSL::cert <level> Returns SSL certificate with the specified level in the certificate chain. X509::not_valid_after Returns the not-valid-after date of an X. Level is 0-based. X509::subject Returns the subject of the certificate. X509::verify_cert_error_string <error_code> Returns the error string for the specified error code.aFleX Scripting Language . If <result_code> is specified. Command Type SIP Header Query and Manipulation (cont.509 certificate. sets the result code. SSL::cert mode <“request” | “require” | “ignore” | “auto”> Sets the certificate mode.509 certificate.: D-030-01-00-0007 . This setting overrides the mode setting in the template.0 6/21/2010 b y 37 of 166 .509 certificate. POLICY::bwlist id id <ip> [<bwlist_name>] Returns the group ID associated with an IP address in a black/white list. Only the client side is supported. If you specify the <index>. SSL::cert issuer <level> Returns the issuer of the certificate with the specified level.509 P e r f o r m a n c e D e s i g n Document No. X509::serial_number Returns the serial number of an X. SSL::cert count Returns the number of certificates in the certificate chain. X509::issuer Returns the issuer of the X.aFleX Script Components TABLE 4 aFleX Commands (Continued) Command Name and Description SIP::via branch [<index>] Gets the branch attribute of the SIP via at the specified index level. as an OpenSSL X509 error string.) Policy-Based SLB Query SSL and X. X509::version Returns the version number of an X. X509::not_valid_before Returns the not-valid-before date of an X.509 certificate. SIP::via maddr [<index>] Gets the maccadr attribute of the SIP via at the specified index level. SSL::verify_result [<result_code>] If <result_code> is not specified. SSL::sessionid Returns the current SSL session ID.aFleX Engine Ver. 2. Reference aFleX Basics .AX Series . getfield Splits a string on a character.aFleX Script Components TABLE 4 Command Type Deep packet inspection aFleX Commands (Continued) Command Name and Description findstr Finds the string <search_string> within <string> and returns a sub-string based on the <skip_count> and <terminator> from the matched location. 38 of 166 P e r f o r m a n c e b y D e s i g n Document No. and returns the string corresponding to the specific field.: D-030-01-00-0007 .0 6/21/2010 . domain Parses the string <string> as a dotted domain name and return the last <count> portions of the domain name. 2.aFleX Scripting Language .aFleX Engine Ver. substr Returns a sub-string <string> based on the values of <skip_count> and <terminator>. The editor also retrieve existing aFleX scripts from an AX device as well as save aFleX scripts back to the AX device after editing. aFleX Policy Editor is supported only on Windows platform systems.AX Series .aFleX Scripting Language . aFleX Policy Editor aFleX Policy Editor provides a separate programming environment for offline development of aFleX policies.aFleX Engine Ver.0 6/21/2010 b y 39 of 166 . and offers templates to quickly create new scripts.Reference aFleX Policy Editor . and features the following functions: • Download • Upload • New • Delete • Save • Import • Export • Reset P e r f o r m a n c e D e s i g n Document No. is PC-based for easy support. 2.Overview aFleX Policy Editor Overview aFleX Policy Editor is an application that enables you to easily create and edit aFleX scripts.: D-030-01-00-0007 . aFleX Policy Editor also provides templates to quickly create new scripts. aFleX Engine Ver. Bookmarks. Paste. 2. Undo. Output Window 40 of 166 P e r f o r m a n c e b y D e s i g n Document No.Overview FIGURE 3 aFleX Policy Editor – new aFleX name field and template list Scripting Functions • Edit Functions • Cut. End of Line. Select All. Go To Line • View Functions • Line Numbers. Hot Spots • Status Bar. Copy. Indentation Guide. Find Next. Fold Margin. Delete. Replace.aFleX Scripting Language .Reference aFleX Policy Editor .AX Series . Redo • Search Functions • Find.0 6/21/2010 . Word Wrap • White Space. Margin. Auto Complete. Find Previous.: D-030-01-00-0007 . you can put the directory “aFleXEditor” wherever you like on any Windows system and modify the shortcut or create a new shortcut accordingly.Overview FIGURE 4 aFleX Policy Editor – main editor screen Installing and Starting aFleX Policy Editor aFleX Policy Editor Installation 1. 3. You can create a shortcut to aFleX Policy Editor by dragging the existing shortcut from the copied folder to wherever you want the shortcut to be.: D-030-01-00-0007 .aFleX Scripting Language . 2.Reference aFleX Policy Editor .aFleX Engine Ver. 2. Optionally. P e r f o r m a n c e D e s i g n Document No. Copy the directory “aFleXEditor” from the AX Documentation CD to the “Program Files” directory on a Windows platform PC. To start aFleX Policy Editor: Click on the shortcut to start aFleX Policy Editor.AX Series .0 6/21/2010 b y 41 of 166 . for example to the taskbar or desktop. ) The aFleX Template window appears where you can select from a list of aFleX templates.Editing aFleX Scripts – Getting Started aFleX Policy Editor Features Working with aFleX Policy Editor. • When you exit. 42 of 166 P e r f o r m a n c e b y D e s i g n Document No. • Save aFleX scripts to a local workstation.0 6/21/2010 .aFleX Scripting Language . (See Figure 5. the aFleX Policy Editor window has the following main parts: • Menu bar – to select menu-based aFleX Policy Editor commands • Icon bar – to select icon-based aFleX Policy Editor commands • Download Files (top-left frame) – to access aFleX files on an AX device • Local Files (lower-left frame) – to access aFleX files on a workstation • Editor (top-right frame) – panel in which to edit aFleX files • Output (lower-right frame) – shows the status of file transfers and more • Status bar (bottom bar) – shows the current aFleX Policy Editor status Editing aFleX Scripts – Getting Started Create an aFleX Script To begin using aFleX Policy Editor to create an aFleX script. you can: • Download aFleX scripts from the AX device. • Create new aFleX scripts. click the New icon or select File > New aFleX. • Edit scripts and upload them back onto the AX device. 2. the aFleX list in the Local Files frame is saved. Below the menu and icons.AX Series .Reference aFleX Policy Editor .: D-030-01-00-0007 . • Use aFleX Policy Editor templates to simplify script creation.aFleX Engine Ver. enter a unique name into the name field of the aFleX Template window. 2. With the addition of parameters for your specific AX Series application.Reference aFleX Policy Editor .aFleX Scripting Language . and click the OK button. These templates offer pre-configured aFleX command modules required for typical AX Series applications and are named accordingly.: D-030-01-00-0007 .AX Series .0 6/21/2010 b y 43 of 166 .aFleX Engine Ver. an aFleX policy can be quickly constructed. To use a template to create a new aFleX policy. P e r f o r m a n c e D e s i g n Document No.Editing aFleX Scripts – Getting Started FIGURE 5 aFleX Policy Editor – main editor screen aFleX Templates The aFleX Template window offers a list of aFleX templates. select a template from the list below the name field. aFleX Scripting Language . The rest of this chapter explains how to use the editor itself.: D-030-01-00-0007 . You can then begin scripting using the aFleX commands.Reference aFleX Policy Editor .Editing aFleX Scripts – Getting Started FIGURE 6 aFleX Policy Editor – templates Need a function not shown in the aFleX Templates? You can create a custom aFleX script. and then click OK. 44 of 166 P e r f o r m a n c e b y D e s i g n Document No. 2. open one and look up its commands in the reference chapter: “Command Reference” on page 67.aFleX Engine Ver. The new script is added to the Local Files list and is opened in the Editor frame. Enter a unique name for the new script.0 6/21/2010 .AX Series . The new script will be empty because the BLANK template was selected. select the BLANK template. To better understand templates. Editing aFleX Scripts – Getting Started Connect to an AX Device – aFleX File Transfer Use aFleX Policy Editor’s Connect AX. to log onto the AX device.aFleX Scripting Language .aFleX Engine Ver.0 6/21/2010 b y 45 of 166 . and admin username and password.Reference aFleX Policy Editor .: D-030-01-00-0007 . You must enter the AX hostname or IP address.AX Series . or Import/ Export options to transfer aFleX scripts between an AX device and the editor. FIGURE 7 Connection to the AX device View aFleX Scripts To view scripts in the aFleX Policy Editor. File Download/Upload. FIGURE 8 Download aFleX policy from AX device P e r f o r m a n c e D e s i g n Document No. use the File/Download function to access the file within the aFleX Policy Editor. 2. aFleX Scripting Language . FIGURE 9 Viewing an aFleX policy in the Editor frame 46 of 166 P e r f o r m a n c e b y D e s i g n Document No.Reference aFleX Policy Editor . Click on a file name in the AX Files list to view its contents in the Editor frame.AX Series .: D-030-01-00-0007 .Editing aFleX Scripts – Getting Started Downloaded files can be seen in the AX Files list.0 6/21/2010 . 2.aFleX Engine Ver. : D-030-01-00-0007 . Set Line Number Color.aFleX Engine Ver. 2. Set Text Color.Reference aFleX Policy Editor . Detailed descriptions of the functions follow. Redo. Set Background Color. Rename. Export aFleX. Find Previous. After you click OK. Book Marks. Select All Search Menu • Find. Replace.aFleX Scripting Language . and admin username and password. Delete aFleX. a window pops up and asks you to enter the hostname or IP address.0 6/21/2010 b y 47 of 166 . Cut. Import aFleX.Menu Functions Menu Functions Overview This section provides a list of all menu items. Find Next. Paste. Delete. Download. Exit Edit Menu • Undo. Set Keyword Color. Set Comment Color. Auto Complete. New aFleX. Reset. Word Wrap.AX Series . File Menu The editor includes the following script handling functions in the File menu: • Connect/Disconnect. the connection status changes to “Connected” and all the aFleX policies on the AX device are automatically shown in the Download Files P e r f o r m a n c e D e s i g n Document No. Margin. Output Window Options Menu • Font. Upload. Status Bar. Save. Indentation Guides. Go To Line View Menu • Line Numbers. Last Setting Help Menu • About aFlex Editor File Functions Connect AX / Disconnect AX If you select File > Connect AX. White Space. Fold Margin. Copy. End of Line. and username and password. to re-establish the connection to the AX. all the aFleX policies previously shown in the Download Files frame disappear and the connection status is changed to “Disconnected”. The new aFleX policy is added to the Local Files list and is opened in the editor frame.0 6/21/2010 .aFleX Engine Ver. New aFleX File > New aFleX Note: For information on aFleX scripts and commands. no window will pop up. see “aFleX Policy Examples” on page 63 and “Command Reference” on page 67. After you are connected. a window pops up to ask you to input the hostname or IP address. If you select File > Disconnect or click the Disconnect button. From this point on. The file list in the Local Files frame is updated. then click OK. a window will pop up where you can select an aFleX Template. you can manipulate aFleX policies on the AX device. the Upload menu item is disabled. Upload File > Upload If you click Upload. 2. Enter a unique name for the new aFleX. the currently selected Local File is uploaded to the AX device and listed in the AX Files frame. The Local Files window generates the new file and opens it in the editor frame.AX Series .Reference aFleX Policy Editor . type the new aFleX policy name and click OK. Using the BLANK aFleX Template • You can also create aFleX scripts from the BLANK template. If the current status of the AX is “Connected”. the Connect menu option and button both change to “Disconnect”.aFleX Scripting Language .) After you select a template. Download File > Download If you click Download and the AX device is disconnected. Using an aFleX Template • If you click the New icon.Menu Functions frame. select the BLANK template from the list of templates.: D-030-01-00-0007 . 48 of 166 P e r f o r m a n c e b y D e s i g n Document No. If the AX device is disconnected. (See Figure 5 on page 43. nothing is deleted.aFleX Engine Ver. If an aFleX file is currently selected within the Local Files frame. Save File > Save If a currently selected aFleX file is located in the AX Files frame. it is saved to the local workstation.AX Series . Export File > Export If you click Export.aFleX Scripting Language .Menu Functions Delete Rule File > Delete Rule If no aFleX file is currently selected. a window pops up where you can select a file and import it into the aFleX Policy Editor. it is deleted from the AX file list. If the response message from the AX system indicates success.0 6/21/2010 b y 49 of 166 . the currently selected aFleX file can be renamed. or equal to the name of another file.Reference aFleX Policy Editor . The Local Files frame adds the file and opens it in the Editor frame. the selected file is deleted from the local workstation. P e r f o r m a n c e D e s i g n Document No. If an aFleX file is currently selected in the AX Files frame. a window pops up where you can select a local path to which to export the currently selected file. Import File > Import If you click Import. the file will also be deleted from the Local Files. 2. and the next item in the list is automatically selected. Rename File > Rename If you click Rename. it is saved to the AX device.: D-030-01-00-0007 . The new name should not be equal to the existing name shown in the aFleX Policy Editor. If a currently selected aFleX file is located in the Local Files frame. aFleX Scripting Language . • To continue working in aFleX Policy Editor. If the currently selected file is located in the AX Files frame. an alert window pops up.Menu Functions Reset File > Reset Restores the currently selected file to its state before user modifications. click No. Standard Windows keyboard shortcuts can also be used for these commands. if the cursor is active within the Editor frame. Cut / Copy / Paste / Delete Edit > Cut / Copy / Paste / Delete The Cut.AX Series . Edit Menu Functions Undo / Redo Edit > Undo / Redo The Undo and Redo actions are for undo or redo of changes to text. Paste. Exit File > Exit If you click File > Exit. Standard Windows keyboard shortcuts can also be used for these commands.0 6/21/2010 .aFleX Engine Ver. Select All Edit > Select All Select Edit > Select All or ctrl+A to select all text in the Editor frame. Copy.: D-030-01-00-0007 . • To exit aFleX Policy Editor. if the cursor is active within the Editor frame. it resets to the initial file state just generated through the New action. click Yes. If the currently selected file is located in the Local Files frame. and Delete commands are for modifying text.Reference aFleX Policy Editor . 50 of 166 P e r f o r m a n c e b y D e s i g n Document No. the Reset command resets it to the initial file state when last downloaded. 2. a Find window pops up. type the string you want to replace. If you want to find the next occurrence of the string. In the Search for field.aFleX Engine Ver. You can click the Next match or the Previous match button to locate another occurrence of the string to be replaced. the Search and Replace window pops up. Click the Find or Mark All button: • If the term can be found in the text. To find the previous occurrence of the string.: D-030-01-00-0007 . an alert window will pop up. type the new string. In the Replace with field.aFleX Scripting Language . FIGURE 10 Search > Find Replace Search > Replace If you select Search > Replace.Menu Functions Search Menu Functions Find / Find Next / Find Previous Search > Find / Find Next / Find Previous If you select Search > Find or press ctrl+F. The find window will close. 2. press F3. P e r f o r m a n c e D e s i g n Document No. it will be highlighted. • If the term can not be found.0 6/21/2010 b y 51 of 166 .AX Series . press shift+F3. You can type a string of up to 250 characters in the Find what field.Reference aFleX Policy Editor . aFleX Scripting Language .aFleX Engine Ver.Menu Functions • If the string is found. a window pops up where you can type a line number into the Go To Line field.: D-030-01-00-0007 .AX Series . • If the term can not be found. 2. FIGURE 11 Search > Replace Replaces options include: • Match case – searches for text in case-sensitive mode.Reference aFleX Policy Editor . Click OK to navigate to that line in the currently open file. it will be highlighted.0 6/21/2010 . replaces only within the selection. • Regular expressions – searches for regular expressions (regex) entered into the Search for field. • Replace in selection only – select search text before starting. an alert indicates that no match could be found. Click either Replace or Replace All. • Match whole word – does not find words where the search string is only part of the word. 52 of 166 P e r f o r m a n c e b y D e s i g n Document No. Go to Line Search > Go To Line If you select Go To Line. aFleX Engine Ver.Reference aFleX Policy Editor .0 6/21/2010 b y 53 of 166 . View Fold Margin View > Fold Margin Use this menu command to display or hide the Fold Margin where the +/symbols can be use to expand and collapse aFleX events. View Margin View > Margin Use this menu command to display or hide the Editor frame Margin between the Editor frame’s Line Numbers column and its Fold Margin column.AX Series . View Word Wrap View > Word Wrap This menu command enables/disables word wrap in the Editor frame’s.Menu Functions FIGURE 12 Search > Go To Line View Menu Functions View Line Number View > Line Number Use this menu command to display or hide Line Numbers in the editor. P e r f o r m a n c e D e s i g n Document No.: D-030-01-00-0007 . 2. View Indention Guides View > Indentation Guides Use this menu command to display or hide the Indentation Guides.aFleX Scripting Language . 2.0 6/21/2010 . View Output Window View > Output Window This menu command enables/disables display of the Output frame.Reference aFleX Policy Editor .aFleX Scripting Language . the bookmarks indicate the line that contains the error.AX Series . If an aFleX policy has a syntax error or definition error. The bookmarks can be displayed only when you update an aFleX policy on the AX device. View End of Line View > End of Line This menu command enables/disables display of End of Line (LF and CRLF) markers in the Editor frame.aFleX Engine Ver. View Status Bar View > Status Bar This menu command enables/disables display of the Editor frame’s status bar.: D-030-01-00-0007 . View Book Marks View > Book Marks This menu command enables/disables bookmarks in the Editor frame. 54 of 166 P e r f o r m a n c e b y D e s i g n Document No.Menu Functions View White Space View > White Space This menu command enables/disables marking of white space in the Editor frame. 0 6/21/2010 b y 55 of 166 .aFleX Scripting Language . Set Background Color Options > Set Background Color This menu command is used to set the Editor frame’s color for the background. 2. My Last Setting Options > My Last Setting This menu command restores your last setting from your previous session. P e r f o r m a n c e D e s i g n Document No. Set Text Color Options > Set Text Color This menu command is used to set the Editor frame’s font color for the main text.aFleX Engine Ver.Reference aFleX Policy Editor . Set Keyword Color Options > Set Keyword Color This menu command is used to set the Editor frame’s font color for keyword text.AX Series .: D-030-01-00-0007 . Set Comment Color Options > Set Comment Color This menu command is used to set the Editor frame’s font color for comment text.Menu Functions Options Menu Functions Font Options > Font This menu command is used to set the font style for the Editor frame text. Set Line Number Color Options > Set Line Number Color This menu command is used to set the Editor frame’s font color for the line numbers. 0 6/21/2010 .: D-030-01-00-0007 . Delete.Help Menu Functions Help Menu Functions About aFleX Editor Help > About aFleX Editor This command displays the aFleX Policy Editor version and contact information. the status bar displays a status message to indicate the result of that action.aFleX Engine Ver.aFleX Scripting Language . 56 of 166 P e r f o r m a n c e b y D e s i g n Document No. Status Window When you perform an action such as Download. Other aFleX Policy Editor Functions Drag and Drop File Function You can drag-and-drop files between the AX Files frame and the Local Files frame to upload and download. Upload. Download Dragging a file from the AX Files frame to the Local Files frame is equivalent to using the download command to copy a file from the AX device to the local workstation. Upload Dragging a file from the Local Files frame to the AX Files frame is equivalent to using the upload command to copy a file to the AX device from the local workstation.AX Series . 2. or Reset.Reference aFleX Policy Editor . For this example.AX Series .Using the CLI Importing and Binding aFleX Scripts To use an aFleX policy: 1. see “aFleX Policy Editor” on page 39.0 6/21/2010 b y 57 of 166 . Using the CLI 1. 2. You can create the aFleX policy using the aFleX Policy Editor. 2. or using a text editor on a PC. the following aFleX policy is imported: when HTTP_REQUEST { if {[HTTP::uri] contains “business”} { pool http-sg1 } elseif {[HTTP::uri] contains “sports”} { Pool http-sg2 } } P e r f o r m a n c e D e s i g n Document No. by typing it into a GUI tab. Import the aFleX policy onto the AX device. Bind the aFleX policy to one or more virtual ports. use any text editor to create an aFleX script and save it locally. On a PC that supports TFTP.Reference Importing and Binding aFleX Scripts .afx” at the end of the file name.: D-030-01-00-0007 .afx 2. use the CLI command import aflex to import the aFleX policy file onto the AX device.aFleX Engine Ver. SCP or RCP. FTP. You can bind the aFleX policy to a virtual port using the GUI or CLI. Use the CLI command aflex under virtual port configuration to bind it with a virtual port. For information about using the aFleX Policy Editor. CLI Example This example shows how to import an aFleX policy onto the AX device and bind it to a virtual port. Example: /aflex/test. Use extension “. or the CLI to import the aFleX policy. The following sections show examples for the CLI and GUI. On the AX device. 3. the GUI. You can use aFleX Policy Editor.aFleX Scripting Language . 3. Create the aFleX policy. 0 6/21/2010 . with an admin account that has read-write privileges. A CLI prompt appears: AX> Note: See the AX Series CLI Reference if you need information on using the CLI.9.9. Access the configuration mode: AX#config AX(config)# 4. Configure nodes (real servers and server ports): AX(config)#slb AX(config-real AX(config-real AX(config-real AX(config-real AX(config)#slb AX(config-real AX(config-real AX(config-real AX(config-real AX(config)#slb AX(config-real AX(config-real AX(config-real AX(config-real AX(config)#slb AX(config-real AX(config-real AX(config-real AX(config-real AX(config)# server node100 10. Log onto the AX device through the CLI.9.: D-030-01-00-0007 .9. Access the Privileged EXEC mode: AX>enable Password:*** AX# 3.100 server)#port 80 tcp server-node port)#health-check server-node port)#exit server)#exit server node101 10.10.103 server)#port 80 tcp server-node port)#health-check server-node port)#exit server)#exit no no no no 58 of 166 P e r f o r m a n c e b y D e s i g n Document No.10. 2.102 server)#port 80 tcp server-node port)#health-check server-node port)#exit server)#exit server node103 10.10.aFleX Engine Ver.AX Series .10. 2.101 server)#port 80 tcp server-node port)#health-check server-node port)#exit server)#exit server node102 10.Using the CLI 1.Reference Importing and Binding aFleX Scripts .aFleX Scripting Language . 0 6/21/2010 b y 59 of 166 . Done.AX Series .afx User name []?*** Password []?*** Importing .. If any syntax errors are found.aFleX Engine Ver.1. Configure service groups: AX(config)#slb service-group http-sg1 tcp AX(config-slb service group)#member node100:80 AX(config-slb service group)#member node101:80 AX(config-slb service group)#exit AX(config)#slb service-group http-sg2 tcp AX(config-slb service group)#member node102:80 AX(config-slb service group)#member node103:80 AX(config-slb service group)#exit AX(config)# 6.Using the CLI 5. 7.168. use the show aflex aflex-name command: AX(config)#show aflex my_aflex when HTTP_REQUEST { if {[HTTP::uri] contains “business”} { pool http-sg1 } elseif {[HTTP::uri] contains “sports”} { Pool http-sg2 } } P e r f o r m a n c e D e s i g n Document No. the AX device checks for syntax errors. Use the show aflex command to list the aFleX policies imported onto the AX device: AX(config)#show aflex Total aFleX number: 1 Name Syntax Virtual port -----------------------------------------------------------my_aflex Check No 8.: D-030-01-00-0007 . error messages are displayed.aFleX Scripting Language . To display the aFleX policy.afx”) onto the AX device and rename it “my_aflex”: AX(config)#import aflex my_aflex scp://192. 2. You can modify an aFleX policy and import it again until it passes the syntax check. Use the import command to import the aFleX policy (“test.Reference Importing and Binding aFleX Scripts . AX(config)# While importing the aFleX policy..118/aflex/test. .9.9.8. Show the aFleX policy list again to verify that the aFleX policy is now bound to a virtual port: AX(config)#show aflex Total aFleX number: 1 Name Syntax Virtual port -----------------------------------------------------------my_aflex Check Yes 11.100 port 80 tcp health-check no slb server node101 10...10.10.0 6/21/2010 .AX Series .101 port 80 tcp health-check no slb server node102 10...10.8.: D-030-01-00-0007 .Using the CLI 9. Show the running-config: AX(config)#show running-config .102 port 80 tcp health-check no slb server node103 10.10..aFleX Engine Ver.aFleX Scripting Language .30 AX(config-slb virtual server)#port 80 http AX(config-slb virtual server-slb virtua.9.Reference Importing and Binding aFleX Scripts .103 port 80 tcp health-check no ! slb service-group http-sg1 tcp member node100:80 member node101:80 slb service-group http-sg2 tcp member node102:80 member node103:80 ! slb virtual-server v30 10. 2..9..)#exit AX(config-slb virtual server)#exit AX(config)# 10.10.10.30 port 80 http aflex my_aflex ! . AX(config)# P e r f o r m a n c e b y D e s i g n 60 of 166 Document No.)#aflex my_aflex AX(config-slb virtual server-slb virtua. slb server node100 10. Configure a virtual server and bind the aFleX policy to a virtual port on the virtual server: AX(config)#slb virtual-server v30 10. AX Series - aFleX Scripting Language - Reference Importing and Binding aFleX Scripts - Using the GUI Using the GUI 1. Select Config > Service > aFleX, then click New. The aFleX tab appears. (See Figure 13.) 2. Enter a name for the aFleX policy in the Name field. 3. Enter the aFleX policy text into the Definition field. 4. Click OK to save the aFleX policy. Note: You can click on the name of an existing aFleX policy to edit it in the GUI. You can delete an existing aFleX policy by selecting the checkbox located on the left of its name, then clicking the Delete button. 5. To bind the aFleX policy to a virtual port: a. Select Config > Service > Server, then select Virtual Server. b. Click on a virtual server name or click New to add a new one. c. If you are configuring a new virtual server, enter the name and IP address. d. Click Port to display the Port tab. e. Select a port and click, or click New to add a new port. The Virtual Server Port tab appears. f. Select the aFleX policy from the aFleX drop-down list. (See Figure 14.) g. Click OK. h. Click OK again. FIGURE 13 Config Mode > Service > aFleX > New P e r f o r m a n c e D e s i g n Document No.: D-030-01-00-0007 - aFleX Engine Ver. 2.0 6/21/2010 b y 61 of 166 AX Series - aFleX Scripting Language - Reference Importing and Binding aFleX Scripts - Using the GUI FIGURE 14 Config Mode > Service > Server > Virtual Server > Port 62 of 166 P e r f o r m a n c e b y D e s i g n Document No.: D-030-01-00-0007 - aFleX Engine Ver. 2.0 6/21/2010 AX Series - aFleX Scripting Language - Reference aFleX Policy Examples - Simple aFleX Policy aFleX Policy Examples This section provides practical examples of aFleX policies based on real world traffic management applications. It is intended to provide an introduction to working with aFleX policies. If you would like additional assistance with scripting in aFleX, contact our support team. Simple aFleX Policy The following aFleX script is a simple example. Example: when CLIENT_ACCEPTED { if { [IP::addr [IP::remote_addr] equals 10.1.1.80 ] } { pool my_pool } } This aFleX policy uses the default CLIENT side association to the REMOTE_ADDR. Because the CLIENT_ACCEPTED event has a default context of clientside, the IP::remote_addr field is automatically assigned to clientside. Redirecting HTTP Requests aFleX scripts can be used to redirect HTTP requests to a specific location using the HTTP::redirect command. The target location can be a server name or a URI. P e r f o r m a n c e D e s i g n Document No.: D-030-01-00-0007 - aFleX Engine Ver. 2.0 6/21/2010 b y 63 of 166 0 6/21/2010 .AX Series .Redirecting HTTP Requests Example: This aFleX script specifies that the return status "Not Found" HTTP request is to be redirected to a different protocol – HTTPS instead of HTTP.: D-030-01-00-0007 . but the site you are looking for is temporarily out of service.aFleX Scripting Language .<br>If you feel you have reached this page in error.com" } } Example: This aFleX script presents an apology page if a 404 error occurs.siterequest.Reference aFleX Policy Examples . when HTTP_RESPONSE { if { [HTTP::status] contains "404"} { HTTP::respond 200 content "<html><head><title>Apology Page</title></ head><body>We are sorry.aFleX Engine Ver.<p></body></html>" } } 64 of 166 P e r f o r m a n c e b y D e s i g n Document No. when HTTP_RESPONSE { if { [HTTP::status] contains "404"} { HTTP::redirect "https://www. 2. please try again. aFleX Scripting Language .Reference aFleX Policy Examples .aFleX Engine Ver. 2.Data Persistence Data Persistence when HTTP_REQUEST { if {[HTTP::cookie exists "CustomerIP"] and [HTTP::cookie exists "CustomerPort"]} { set cookie_not_exist 0 # Direct traffic by the cookie node [HTTP::cookie "CustomerIP"] [HTTP::cookie "CustomerPort"] } else { set cookie_not_exist 1 # Save the cookie path and direct the traffic by URI if {[HTTP::uri] contains "/myweb/"} { set cookie_path "/myweb" pool http-sg1 } elseif {[HTTP::uri] contains "/myprint/ "} { set cookie_path "/myprint" pool http-sg2 } else { set cookie_path "/unexpected" pool http-sg3 } } } when HTTP_RESPONSE { if {$cookie_not_exist} { # Add path to the persistent cookie HTTP::cookie insert name "CustomerIP" value [IP::server_addr] path $cookie_path HTTP::cookie insert name "CustomerPort" value [TCP::server_port] path $cookie_path } } P e r f o r m a n c e D e s i g n Document No.0 6/21/2010 b y 65 of 166 .: D-030-01-00-0007 .AX Series . : D-030-01-00-0007 .aFleX Scripting Language .Reference aFleX Policy Examples .aFleX Engine Ver.Data Persistence 66 of 166 P e r f o r m a n c e b y D e s i g n Document No. 2.AX Series .0 6/21/2010 . 0 6/21/2010 b y 67 of 166 . This variable cannot be set or read by any other aFleX policies. Prefix :: Scope Applies only to the current aFleX policy. Events The following subsections describe the aFleX events. ::global:: Applies to all aFleX policies.: D-030-01-00-0007 . P e r f o r m a n c e D e s i g n Document No.Reference Global Events .AX Series . This variable can be set or read by all aFleX policies on the AX device. 2. it can be removed only by an unset command. or exclusively for that particular aFleX policy.aFleX Scripting Language . the RULE_INIT event can initialize a system variable on a global basis for all aFleX policies.aFleX Engine Ver. Once the variable is defined. The prefix placed before RULE_INIT specifies whether to initialize the variable for all aFleX policies. Note: Unbinding an aFleX policy will not remove the variable. Within an aFleX policy. Global Events RULE_INIT Initializes global system variables.RULE_INIT Command Reference aFleX scripts consist of three basic elements: • Events • “Operators” on page 76 • “Commands” on page 83 These elements are described in detail in subsequent sections. or only the current aFleX policy. : D-030-01-00-0007 . the method.aFleX Scripting Language . Example: when HTTP_REQUEST { if { [HTTP::uri] contains "secure"} { HTTP::redirect "https://[HTTP::host][HTTP::uri]" } } Example: If a client request URI contains the string "secure". and all headers. version. URI.HTTP_REQUEST Example: when RULE_INIT { # define per-aFleX global variable ::request_count # This variable is to count the # of HTTP_REQUEST hits by this aFleX policy set ::request_count 0 # define per-system global variable ::global::ax_request_count # This variable is to count the total number of HTTP_REQUEST hits # in the AX system set ::global::ax_request_count 0 # Remove per aFleX global variable ::remove_var1 unset ::remove_var1 } when HTTP_REQUEST { incr ::request_count incr ::global::ax_request_count } HTTP Events HTTP_REQUEST Triggered when the system fully parses a complete client request header (that is. redirect to the client to HTTPS. when HTTP_REQUEST { if { [HTTP::uri] contains "secure"} { HTTP::redirect https:// [HTTP::host][HTTP::uri] } } 68 of 166 P e r f o r m a n c e b y D e s i g n Document No. 2.Reference HTTP Events .AX Series . not including the body).aFleX Engine Ver.0 6/21/2010 . AX Series . HTTP::request_num. HTTP::version. HTTP::uri. Example: when HTTP_REQUEST_SEND { HTTP::collect 12 } P e r f o r m a n c e D e s i g n Document No. use service group doc-pool. If the request URI contains the string "Docdir". when HTTP_REQUEST { if { [HTTP::uri] contains "Webdir" } { pool app-pool } elseif { [HTTP::uri] contains "Docdir" } { pool doc-pool } } Related Information Available Commands HTTP::cookie. HTTP::host. HTTP::respond.Reference HTTP Events . HTTP::uri. HTTP::fallback. URI::query HTTP_REQUEST_DATA Triggered whenever an HTTP::collect command finishes processing. HTTP::redirect. HTTP::request. HTTP::is_keepalive. HTTP::is_redirect.HTTP_REQUEST_DATA Example: If a client request uri contains the string "Webdir". HTTP::method. HTTP::request_num. HTTP::respond.aFleX Scripting Language . HTTP::release. HTTP::header. HTTP::payload. use service group app-pool.: D-030-01-00-0007 . HTTP::release. HTTP::query.0 6/21/2010 b y 69 of 166 . HTTP::request. 2. HTTP::query. HTTP::redirect. after collecting the requested amount of request data. HTTP::disable. HTTP::path. HTTP::version HTTP_REQUEST_SEND Triggered immediately before a request is sent to a server. HTTP::host. pool. This is a serverside event. HTTP::path. Related Information Available Commands HTTP::fallback.aFleX Engine Ver. HTTP::method. HTTP::is_keepalive. HTTP::is_redirect. siterequest. HTTP::is_keepalive.com/" } } Related Information Available Commands: HTTP::cookie. HTTP::redirect. IP::local_addr. IP::local_addr.HTTP_RESPONSE Related Information Available Commands: HTTP::header. Also triggered if the server closes the connection before the HTTP:collect command finishes processing.aFleX Scripting Language .AX Series . HTTP::header. Note: HTTP_RESPONSE is specific to a SERVER response passing through the load balancer. HTTP::version. 70 of 166 P e r f o r m a n c e b y D e s i g n Document No. HTTP::is_redirect. HTTP::release. after collecting the requested amount of response data. HTTP::respond. HTTP::host. HTTP::payload.aFleX Engine Ver.0 6/21/2010 . HTTP::retry. HTTP::request_num. URI::query HTTP_RESPONSE_CONTINUE Triggered whenever the system receives a 100 Continue response from the server. 2.: D-030-01-00-0007 . and is not triggered for locally-generated responses. Example: when HTTP_RESPONSE { if { [HTTP::status] contains "404"} { HTTP::redirect "http://www.Reference HTTP Events . IP::server_addr. HTTP::payload. HTTP::status. IP::server_addr HTTP_RESPONSE Triggered when the system parses all of the response status and header lines from the server response. HTTP_RESPONSE_DATA Triggered whenever an HTTP::collect command finishes processing on the server side of a connection. and UDP Events CLIENT_ACCEPTED Triggered when a client has established a connection. HTTP::is_redirect.0 6/21/2010 b y 71 of 166 .aFleX Scripting Language .AX Series . Note: For UDP (and only UDP)." HTTP::payload replace 0 $clen $fixeddata HTTP::release } Example: when HTTP_RESPONSE { HTTP::collect [HTTP::header Content-Length] } when HTTP_RESPONSE_DATA { set clen [HTTP::payload length] set newdata "Sorry.: D-030-01-00-0007 . This website is temporarily unavailable.CLIENT_ACCEPTED Example: when HTTP_RESPONSE_DATA { regsub "oursite" [HTTP::payload] "oursitedev" fixeddata log "Replacing payload with fixed data. 2. TCP. and UDP Events .aFleX Engine Ver. the CLIENT_ACCEPTED event is triggered on the first UDP packet received. Example: when CLIENT_ACCEPTED { set curtime [TIME::clock seconds] set formattedtime [clock format $curtime -format {%H:%S} ] log "the time is: $formattedtime" } P e r f o r m a n c e D e s i g n Document No. HTTP::retry. TCP. HTTP::status. HTTP::version IP. HTTP::redirect. HTTP::release.Reference IP. HTTP::request_num." HTTP::payload replace 0 $clen $newdata HTTP::respond 200 content [HTTP::payload] } Related Information Available Commands HTTP::is_keepalive. HTTP::respond. Example: when CLIENT_CLOSED { if { [info exists ::active_clients($client_ip)] } { incr ::active_clients($client_ip) -1 if { $::active_clients($client_ip) <= 0 } { unset ::active_clients($client_ip) } } } Related Information Available Commands IP::local_addr CLIENT_DATA Triggered when new data is received from the client while the connection is in a collect state.AX Series . IP::tos.aFleX Scripting Language .0/24 " } } Related Information Available Commands IP::client_addr.CLIENT_CLOSED Example: when CLIENT_ACCEPTED { if { [IP::addr [client_addr] equals 192. the CLIENT_DATA event is automatically triggered for each UDP packet received. 2.168.217.Reference IP. regardless of protocol.168. serverside. pool. Note: For UDP (and only UDP). IP::remote_addr. IP::local_addr.0/24] } { discard log "discard client from 192. 72 of 166 P e r f o r m a n c e b y D e s i g n Document No. TCP.: D-030-01-00-0007 . IP::protocol.217. TCP::collect CLIENT_CLOSED This event is triggered at the end of any client connection.aFleX Engine Ver.0 6/21/2010 . IP::server_addr. and UDP Events . and UDP Events .aFleX Scripting Language . select service group xyz-dns.0 6/21/2010 b y 73 of 166 . select service group abc-dns. LB::server P e r f o r m a n c e D e s i g n Document No.AX Series .Reference IP. If the request contains "xyz". 2.aFleX Engine Ver.: D-030-01-00-0007 .LB_FAILED Example: when CLIENT_DATA { if { [UDP::payload 50] contains "XYZ" } { pool xyz_servers } } Example: If a DNS request contains "abc". for example. Example: when LB_FAILED { pool errorPool } Related Information Available Commands: LB::reselect. if all nodes in the pool are down or all their connection limits have been reached. TCP. when CLIENT_DATA { log "UDP::payload 12 12 = [UDP::payload 12 12]" if { [UDP::payload 12 12] contains "abc" } { pool abc-dns log " select pool abc-dns" } elseif { [UDP::payload 12 12] contains "xyz" } { pool xyz-dns log " select pool xyz-dns" } } Related Information Available Commands pool LB_FAILED This Event is triggered when the AX device can not select a node for the incoming request. aFleX Scripting Language . 74 of 166 P e r f o r m a n c e b y D e s i g n Document No.: D-030-01-00-0007 .aFleX Engine Ver. Example: when SERVER_CLOSED { log local0. IP::server_addr SERVER_DATA Triggered when new data is received from the target node while the connection is in a hold state. "Server [IP::server_addr] has closed the connection" } Related Information Available Commands: IP::local_addr. LB::reselect. Example: when LB_SELECTED { if { [IP::addr [IP::remote_addr] equals "10. TCP. LB::server SERVER_CLOSED This Event is triggered when the Server side connection closes.Reference IP. 2. Related Information Available Commands: IP::local_addr.0.AX Series . IP::server_addr SERVER_CONNECTED Triggered when a connection has been established with the target node. and UDP Events .0.LB_SELECTED LB_SELECTED This Event is triggered when the system selects a pool member.0 6/21/2010 .1"] } { snat VIPsnat } } Related Information Available Commands: IP::local_addr. SSL::verify_result. X509::subject. SSL::sessionid. SSL::verify_result.Reference SSL Events .CLIENTSSL_CLIENTCERT SSL Events CLIENTSSL_CLIENTCERT Triggered when the AX device receives an SSL client certificate.: D-030-01-00-0007 . SSL::sessionid. Example: when CLIENTSSL_CLIENTCERT { set cert [SSL::cert 0] set subject [X509::subject $cert] } Related Information Available Commands SSL::cert. 2. X509::verify_cert_error_string CLIENT_HANDSHAKE Triggered when an SSL handshake on the client side is completed. X509::verify_cert_error_string P e r f o r m a n c e D e s i g n Document No.AX Series .0 6/21/2010 b y 75 of 166 .aFleX Scripting Language . X509::subject.aFleX Engine Ver. Example: when CLIENTSSL_HANDSHAKE { set cert [SSL::cert 0] set subject {X509::subject $cert] } Related Information Available Commands SSL::cert. 2.jpg" } { pool your_pool } } Related Information Valid Events: ALL 76 of 166 P e r f o r m a n c e b y D e s i g n Document No. Syntax <string1> contains <string2> Example: when HTTP_REQUEST { if { [HTTP::uri] contains "aol" } { pool aol_pool } else { pool all_pool } } ends_with Tests whether one string (string1) ends with another string (string2).: D-030-01-00-0007 .Reference Relational Operators .aFleX Engine Ver.0 6/21/2010 . Relational Operators contains Tests whether one string (string1) contains another string (string2).gif" } { pool my_pool } elseif { $uri ends_with ". Syntax <string1> ends_with <string2> Example: when HTTP_REQUEST { set uri [HTTP::uri] if { $uri ends_with ".AX Series .aFleX Scripting Language .contains Operators The following subsections describe the FleX operators. aFleX Scripting Language . their contents must be identical except that the following special sequences may appear in the pattern: • * – Matches any sequence of characters in string. When used with -nocase. then any character between x and y. the end points of the range are converted to lower case first. including a null string. • [chars] – Matches any character in the set given by chars. Example: when HTTP_REQUEST { if { [HTTP::uri] matches {*\\aol\\[a-z].equals equals Tests whether one string equals another string.0 6/21/2010 b y 77 of 166 . • \x – Matches the single character x. Syntax <string1> equals <string2> Related Information Valid Events: ALL matches Tests whether one string matches another string. If a sequence of the form x-y appears in chars.aFleX Engine Ver. 2.: D-030-01-00-0007 . which functions like a cut-down regular expression. will match.html} } { pool aol_pool } else { pool all_pool } } P e r f o r m a n c e D e s i g n Document No. • ? – Matches any single character in string. with -nocase this is considered to be like {[A-Za-z]}. For the two strings to match. Whereas {[A-z]} matches '_' when matching case-sensitively ('_' falls between the 'Z' and 'a'). Syntax <string1> matches <string2> Note: The "matches" operator uses the same comparison as the Tcl "string match" command. This provides a way of avoiding the special interpretation of the characters *?[]\ in a pattern.AX Series . inclusive.Reference Relational Operators . (This is probably what was meant in the first place). edu" } { pool edu_pool } } Related Information Valid Events: ALL starts_with Tests whether one string (string1) starts with another string (string2). 2.([\w]*)\. Example: when HTTP_REQUEST { if { [HTTP::host] matches_regex "www\.matches_regex Related Information Valid Events: ALL matches_regex Tests whether one string matches a regular expression.Reference Relational Operators .0 6/21/2010 .([\w]*)\.aFleX Engine Ver.aFleX Scripting Language .com" } { pool com_pool } elseif { [HTTP::host] matches_regex "www\.AX Series . Syntax <string1> starts_with <string2> Example: when HTTP_REQUEST { if { [HTTP::uri] starts_with "/news" } { pool news_pool } elseif { [HTTP::uri] starts_with "/sports" } { pool sports_pool } } 78 of 166 P e r f o r m a n c e b y D e s i g n Document No. Syntax <string1> matches_regex <regex> <string1> matches_regex <string2> Tests if string2 is contained within string1.: D-030-01-00-0007 . with the elements of the list being the patterns and commands.– Marks the end of options.Reference Relational Operators . • -. the argument must have proper list structure. use glob-style matching (the same as implemented by the string match command). The second form places all of the patterns and commands together into a single argument. The first uses a separate argument for each of the patterns and commands.aFleX Engine Ver. since the braces around the whole list make it unnecessary to include a backslash at the end of each line. If no pattern argument matches string and no default is given.0 6/21/2010 b y 79 of 166 . If the initial arguments start with "-".?} Matches its string argument against each of the pattern arguments in order. If the last pattern argument is "default". P e r f o r m a n c e D e s i g n Document No. use regular expression matching (the same as implemented by the regexp command). then it matches anything. this form is convenient if substitutions are desired on some of the patterns or commands. it evaluates the following body argument by passing it recursively to the Tcl interpreter and returns the result of that evaluation. 2. The second form makes it easy to construct multi-line commands. As soon as it finds a pattern that matches string. no command or variable substitutions are performed on them.AX Series . Syntax switch ?options? string {pattern body ?pattern body . Since the pattern arguments are in braces in the second form. The argument following this one will be treated as string even if it starts with a "-". then they are treated as options. depending on a given value. • -regexp – When matching string to the patterns.switch Related Information Valid Events: ALL switch Built-in TCL command. The following options are currently supported: • -exact – Use exact matching when comparing string to a pattern. Evaluates one of several scripts... then the command returns an empty string. this makes the behavior of the second form different than the first form in some cases.: D-030-01-00-0007 . This is the default. Two syntaxes are provided for the pattern and body arguments. • -glob – When matching string to the patterns.aFleX Scripting Language . com" to pool www.: D-030-01-00-0007 .domain.0 6/21/2010 .Reference Relational Operators .domain. host header "www.aFleX Scripting Language .AX Series . and requests with any other host header will be discarded: switch [string tolower [HTTP::host]] { www.aFleX Engine Ver. Example: This example will return 2: switch abc a .domain2.b {format 1} abc {format 2} default {format 3} This example will return 3: switch xyz { a b {format 1} a* {format 2} default {format 3} } This example will send traffic with host header "www. and so on).com [HTTP::uri] "/domain2[HTTP::uri]" pool www } default { discard } } Related Information Valid Events: ALL 80 of 166 P e r f o r m a n c e b y D e s i g n Document No.switch If a body is specified as "-" it means that the body for the next pattern should also be used as the body for this pattern (if the next pattern also has a body of "-" then the body after that is used.domain2.domain.com" will cause header manipulation & URI rewriting to take place first.com { HTTP::header insert Header1 domain2 HTTP::header replace Host www. This feature makes it possible to share a single body among several patterns.com { pool www } www. 2. com") } { pool pool1 } else { pool pool2 } } Related Information Valid Events: ALL not Performs a logical “not” on a value.0 6/21/2010 b y 81 of 166 .: D-030-01-00-0007 . 2.and Logical Operators and Performs a logical “and” comparison between two values.aFleX Engine Ver.AX Series . Syntax not <value> Example: when HTTP_REQUEST { if { not ([HTTP::uri] starts_with "/abc") } { pool pool1 } else { pool pool2 } } Related Information Valid Events: ALL P e r f o r m a n c e D e s i g n Document No.Reference Logical Operators .aFleX Scripting Language .company. Syntax <value1> and <value2> Example: when HTTP_REQUEST { if { ([HTTP::uri] starts_with "/abc") and ([HTTP::host] equals "www. : D-030-01-00-0007 .aFleX Scripting Language .aFleX Engine Ver.or or Performs a logical “or” comparison between two values. 2.AX Series .Reference Logical Operators .0 6/21/2010 . Syntax <value1> or <value2> Example: when HTTP_REQUEST { if { ([HTTP::uri] starts_with "/abc") or ([HTTP::uri] starts_with "/cde") } { pool pool1 } else { pool pool2 } } Related Information Valid Events: ALL 82 of 166 P e r f o r m a n c e b y D e s i g n Document No. aFleX Engine Ver.aFleX Scripting Language . Returns NULL if there is an error.AX Series .0 6/21/2010 b y 83 of 166 .: D-030-01-00-0007 .active_members Commands The following subsections describe the aFleX commands. GLOBAL Commands active_members Returns number of active members in the pool. Syntax b64decode <string> Example: when HTTP_REQUEST { set encrypted [HTTP::cookie "EncryptedCookie"] set decrypted [b64decode $encrypted] HTTP::cookie insert name "MyCookie" value $decrypted } Related Information Valid Events: ALL P e r f o r m a n c e D e s i g n Document No. decoded from base-64.Reference GLOBAL Commands . 2. Syntax active_members <pool_name> Example: when HTTP_REQUEST { if {[active_members pool1] >= 5} { pool big_pool } } Related Information Valid Events: ALL b64decode Returns the specified string. aFleX Engine Ver. This command has no effect if the aFleX command is already being evaluated under the client-side context.b64encode b64encode Returns the specified string.1.AX Series . This is provided for backward compatibility. Returns NULL if there is an error. A10 Networks recommends using IP::client_addr instead. 2.1.aFleX Scripting Language . Syntax b64encode <string> Example: when HTTP_REQUEST { set cert [SSL::cert 0] HTTP::header insert SSLCERT [b64encode $cert] } Related Information Valid Events: ALL clientside Causes the specified aFleX commands to be evaluated under the client-side context.Reference GLOBAL Commands . Syntax clientside {<aFleX commands>} Example: when SERVER_CONNECTED { if { [IP::addr [clientside {IP::remote_addr}] equals 10. encoded as base-64.80] } { discard } } Related Information Valid Events: ALL client_addr Returns the client IP address of a connection.: D-030-01-00-0007 .0 6/21/2010 . 84 of 166 P e r f o r m a n c e b y D e s i g n Document No. cpu The cpu usage command returns the average CPU load for the given interval.Reference GLOBAL Commands .: D-030-01-00-0007 .client_port Syntax client_addr Related Information Valid Events: See “IP::client_addr” on page 129.0 6/21/2010 b y 85 of 166 .aFleX Scripting Language .AX Series . client_port Returns the TCP port number/service of the specified client. All averages are exponential weighted moving averages over the interval. Syntax client_port Related Information Valid Events: See “TCP::client_port” on page 155. 2. Syntax cpu usage [1sec | 5secs | 15secs | 1min | 5mins | 15mins | all_seconds | all_minutes] Example: when HTTP_REQUEST { if { [cpu usage 5secs] <= 1} { pool1 } else { HTTP::redirect "http://anotherpool.aFleX Engine Ver. A10 Networks recommends using TCP::client_port instead.com" } } Related Information Valid Events: ALL P e r f o r m a n c e D e s i g n Document No. This is provided for backward compatibility. This command performs the same function as the drop command.aFleX Engine Ver.80] } { discard } } Related Information Valid Events: ALL dnat Disables or enables destination NAT for the current connection. The command overrides the behavior set by the no-dest-nat CLI command or equivalent GUI option on the virtual port.1.: D-030-01-00-0007 .detach detach Discontinue evaluating the aFleX event on a connection.1. 2. Note: Generally. Syntax dnat {disable | enable} 86 of 166 P e r f o r m a n c e b y D e s i g n Document No.0 6/21/2010 . The aFleX policy continues to run.aFleX Scripting Language .AX Series . Syntax discard Example: when SERVER_CONNECTED { if { [IP::addr [clientside {IP::remote_addr}] equals 10. disabling destination NAT is applicable only to Layer 4 traffic. on wildcard VIP used for Transparent Cache Switching (TCS). Disabling destination NAT is applicable to Layer 7 traffic only for service type HTTP. see the “Service Type HTTP Without URL Switching Rules” section in the “Transparent Cache Switching” chapter of the AX Series Configuration Guide. Syntax detach discard Causes the current packet or connection (depending on the context of the event) to be discarded. This statement must be conditionally associated with an if statement. For an example.Reference GLOBAL Commands . php?vlink=[HTTP::uri] pool sgve2 member 192.0.AX Series . 2.168. CLIENT_ACCEPTED domain Parses the specified string as a dotted domain name and returns the last <count> portions of the domain name.php?vlink=[HTTP::uri] pool sgve1 member 192.0.domain Example: when HTTP_REQUEST { if { [string length [HTTP::uri]] > 32 and [HTTP::uri] ends_with ". Syntax drop P e r f o r m a n c e D e s i g n Document No.10 8888 } elseif { [HTTP::uri] contains "watch?" } { dnat enable HTTP::uri /post.168.aFleX Engine Ver. This command must be conditionally associated with an if command.10 8888 } else { pool sg-router } } Related Information Valid Events: HTTP_REQUEST.sdp" } { dnat enable HTTP::uri /post.aFleX Scripting Language . This command performs the same function as the discard command. Syntax domain <string> <count> Related Information Valid Events: ALL drop Causes the current packet or connection (depending on the context of the event) to be discarded.: D-030-01-00-0007 .0 6/21/2010 b y 87 of 166 .Reference GLOBAL Commands . event Discontinue evaluating the specified aFleX event.: D-030-01-00-0007 .AX Series . Syntax findstr <string> <search_string> [<skip_count> [<terminator>] 88 of 166 P e r f o r m a n c e b y D e s i g n Document No.aFleX Scripting Language .1.1.80] } { drop } } Related Information Valid Events: ALL encoding Convert the character encoding of a payload to the specified encodiing.aFleX Engine Ver. However.encoding Example: when SERVER_CONNECTED { if { [IP::addr [clientside {IP::remote_addr}] equals 10.0 6/21/2010 . or all aFleX events. on this connection. Syntax encoding {convertfrom | convertto} <encoding> Example: See “set encode” on page 102.Reference GLOBAL Commands . the aFleX script continues to run. 2. Syntax event [<name>] [enable | disable] | [enable all | disable all] Related Information Valid Events: ALL findstr Find a string within another string and return the string starting at the offset specified from the match. it defaults to zero.Reference GLOBAL Commands . • If the <skip_count> argument is not specified.getfield Finds the string <search_string> within <string> and returns a sub-string based on the <skip_count> and <terminator> from the matched location.AX Series . and returns the string corresponding to the specific field. it defaults to the end of the string. • This command. 2.: D-030-01-00-0007 . • If the <terminator> argument is not specified. Syntax getfield <string> <split> <field_number> Example: To extract only the hostname from the host header (strips any trailing ":###" port specification) when HTTP_REQUEST { [getfield [HTTP::host] ":" 1] } P e r f o r m a n c e D e s i g n Document No. without <skip_count> or <terminator>. Note the following: • The <terminator> argument may be either a character or length.aFleX Scripting Language .0 6/21/2010 b y 89 of 166 .aFleX Engine Ver. is equivalent to the following Tcl command: string range <string> [string first <string> <search_string>] end Example: when HTTP_REQUEST { if { [findstr [HTTP::uri] "type=" 5 "&"] eq "cgi" } { pool cgi_servers } else { pool web_servers } } Related Information Valid Events: ALL getfield Splits a string on a character or string. AX Series .org[HTTP::uri] } } Related Information Valid Events: ALL htonl Convert the unsigned integer from host byte order to network byte order.com host to the same hostname.subdomain @ domain.htonl To redirect any request for a domain. Syntax htons <hostshort> Example: when HTTP_REQUEST { set hostshort 1234 set netshort [htons $hostshort] } 90 of 166 P e r f o r m a n c e b y D e s i g n Document No.org (uses a multi-character split string and field_number 1 to extract only those characters in the hostname before the split string.domain.0 6/21/2010 . 2. Syntax htonl <hostlong> Example: when HTTP_REQUEST { set hostlong 12345678 set netlong [htonl $hostlong] } Related Information Valid Events: ALL htons Convert the unsigned short integer from host byte order to network byte order.Reference GLOBAL Commands .com" 1].aFleX Engine Ver.: D-030-01-00-0007 .domain.aFleX Scripting Language .): when HTTP_REQUEST { if { [HTTP::host] contains "domain.com"} { HTTP::redirect https://[getfield [HTTP::host] ". P e r f o r m a n c e D e s i g n Document No.AX Series .aFleX Scripting Language . A10 Networks recommends using HTTP::cookie instead.Reference GLOBAL Commands . This is provided for backward-compatibility.aFleX Engine Ver.0 6/21/2010 b y 91 of 166 . This is provided for backward-compatibility.: D-030-01-00-0007 . A10 Networks recommends using HTTP::host instead. Syntax http_host Related Information Valid Events: See “HTTP::host” on page 119. 2. http_host Specifies the value in the Host: header of the HTTP request. A10 Networks recommends using HTTP::header instead. This command is provided for backward-compatibility.http_cookie Related Information Valid Events: ALL http_cookie Specifies the value in the Cookie: header for the specified cookie name. Syntax http_cookie <cookie_name> Related Information Valid Events: See “HTTP::cookie” on page 114. http_header Evaluates the string following an HTTP header tag that you specify. Syntax http_header(header_tag_string) Related Information Valid Events: See “HTTP::header” on page 117. asp. Syntax http_version Related Information Valid Events: See “HTTP::version” on page 128. but does not include the protocol and the fully qualified domain name (FQDN).: D-030-01-00-0007 . This command is provided for backwardcompatibility.Reference GLOBAL Commands . Syntax http_method Related Information Valid Events: See “HTTP::method” on page 120. For example. http_version Specifies the HTTP protocol version.0" or "HTTP/1. 92 of 166 P e r f o r m a n c e b y D e s i g n Document No. A10 Networks recommends using HTTP::uri instead.AX Series .0 6/21/2010 . This is provided for backward compatibility. if the URL is http://www.aFleX Scripting Language . A10 Networks recommends using HTTP::version instead.1". 2. A10 Networks recommends using HTTP::method instead.com/ buy. This command is provided for backward-compatibility. Common values are GET and POST. ip_protocol Selects a pool based on an IP protocol number. A10 Networks recommends using IP::protocol instead.asp. then the URI is /buy.mysite. Syntax http_uri Related Information Valid Events: See “HTTP::uri” on page 127.aFleX Engine Ver.http_method http_method Specifies the action of the HTTP request. http_uri Specifies a URL. Possible values are "HTTP/1. A10 Networks recommends using IP::tos instead.0 6/21/2010 b y 93 of 166 . The Type of Service (ToS) standard is a means by which network equipment can identify and treat traffic differently based on an identifier.aFleX Engine Ver. the AX device can apply a rule that sends the traffic to different pools of servers based on the ToS level within a packet.: D-030-01-00-0007 . 2.AX Series . This command works by performing variable expansion on the message as defined for the HTTP profile Header Insert setting. local_addr Selects a pool based on a client’s local IP address. log Generates and logs the specified message to the Syslog utility.aFleX Scripting Language . Syntax IP::local_addr Related Information Valid Events: See “IP::local_addr” on page 129. P e r f o r m a n c e D e s i g n Document No. For example. As traffic enters the site. you can load balance traffic based on part of the client’s IP address. ip_tos Sends the traffic to a different pool of servers based on the ToS level within a packet. This is provided for backward-compatibility. Syntax ip_tos Related Information Valid Events: See “IP::tos” on page 133. A10 Networks recommends using IP::local_addr instead.ip_tos Syntax ip_protocol Related Information Valid Events: See “IP::protocol” on page 130.Reference GLOBAL Commands . md5 Note: If not used appropriately. "NOTICE". they are rate-limited as a class and subsequently logged messages within the rate-limit period may be suppressed even though they are textually different. "INFO".<level>] <message> The facility can be one from "local0" to "local7" (Currently only "local0" is supported). However. Syntax md5 <string> Related Information Valid Events: All 94 of 166 P e r f o r m a n c e b y D e s i g n Document No. "Found $isCard $type CC# $card_number" log local0.: D-030-01-00-0007 . 2.aFleX Scripting Language . Syntax log [<facility>. "ALERT". Longer strings will be truncated.AX Series . and "DEBUG". when the <facility> and/or <level> are specified.DEBUG "This is log message from facility local0 and level DEBUG" Related Information Valid Events: ALL md5 Returns the RSA MD5 Message Digest Algorithm message digest of the specified string.<level> is specified. "ERR". The syslog facility is limited to logging 1024 bytes per request.aFleX Engine Ver.0 "Fatal error" log local0. "EMERG". the log messages are not rate-limited (though syslog will still perform suppression of repeated duplicates). the log command can produce large amounts of output. or the corresponding level string. When aFleX logs messages without the facility and/or level. Note: Example: log local0.0 6/21/2010 . "WARNING". The level can be a number from 0 to 7.Reference GLOBAL Commands . "CRIT". Note: There is a significant behavioral difference when the optional <facility>. aFleX Engine Ver.Reference GLOBAL Commands . They also must be configured as a member of a service group.node node Causes the specified server node (that is. P e r f o r m a n c e D e s i g n Document No.2.: D-030-01-00-0007 .1. 2. Syntax node <addr> [<port>] Note: The node command requires that the real server (node) and service port already be configured.0 6/21/2010 b y 95 of 166 .gif" } { node 10.aFleX Scripting Language .200 80 } } ntohl Convert the unsigned integer from network byte order to host byte order. Connection limiting and connection rate limiting are not applied to a node if it is selected by this command. IP address and port number) to be used directly. Note: Example: when HTTP_REQUEST { if { [HTTP::uri] ends_with ". thus bypassing any load-balancing.AX Series . Syntax ntohl <netlong> Example: when HTTP_REQUEST{ set netlong 12345678 set hostlong [ntohl $netlong] } Related Information Valid Events: ALL ntohs Convert the unsigned short integer from network byte order to host byte order. 2. the timeout is converted to minutes and is decremented one minute at a time.aFleX Scripting Language .persist Syntax ntohs <netshort> Example: when HTTP_REQUEST { set netshort 1234 set hostshort [ntohs $netshort] } Related Information Valid Events: ALL persist Set client persistence based on any value you choose. The <timeout> specifies how many seconds the persistence entry can remain in the table after the last time traffic from the client is sent to the server. or service group). This command differs from the command above in that it does not first check the persistence table for an existing entry for the key. The default is 1800 seconds. 96 of 166 P e r f o r m a n c e b y D e s i g n Document No.: D-030-01-00-0007 . Syntax persist uie <string> [<timeout>] Sets the key for an entry on the persistence table. rather than in the client request.aFleX Engine Ver.AX Series . The persist add form of the command is useful for setting persistence based on data that is set on the server and is therefore first observed by the AX device in the server response. indicating that you can set persistence based on any key. which maps the client to an SLB resource (real server. The uie option stands for “Universal Inspection Engine”. the AX device uses SLB to select a resource but does not create a persistence table entry. If the persistence table contains the specified key. Otherwise.Reference GLOBAL Commands . persist add uie <key> [timeout] Adds an entry to the persistence table.0 6/21/2010 . the AX device uses the SLB resource that key is mapped to in the table. Internally. real server port. AX Series - aFleX Scripting Language - Reference GLOBAL Commands - persist persist lookup uie <key> [all | node | port | pool] Performs a lookup in the persistence table for an entry with the specified key: • all – Returns all the values listed below. (If you do not specify this option or one of the following options, this is equivalent to specifying all.) • node – Returns the real server IP address. • port – Returns the real service port number. • pool – Returns the pool (service group) name. persist delete uie <key> Deletes the persistence table entry for the specified key. The <key> specifies the data, found within the HTTP header, upon which the persistence is based. The <key> can be specified with one of the following: • <specified-value> • { <specified-value> [ any service | any pool ] [ pool <pool-name> ] } Example: when HTTP_RESPONSE { set IP [IP::client_addr] persist add uie $IP 1800 } when HTTP_REQUEST { set IP [IP::client_addr] persist uie $IP } P e r f o r m a n c e D e s i g n Document No.: D-030-01-00-0007 - aFleX Engine Ver. 2.0 6/21/2010 b y 97 of 166 AX Series - aFleX Scripting Language - Reference GLOBAL Commands - pool Example: when HTTP_RESPONSE { set IP [IP::client_addr] persist add uie { $IP any service } 1800 } when HTTP_REQUEST { set IP [IP::client_addr] set p [ persist lookup uie { $IP any service } all ] if { $p ne "" } { log local0. "Found in persistency-table ([lindex $p 0] [lindex $p 1] [lindex $p 2])" node [lindex $p 1] [lindex $p 2] } } Related Information Valid Events: ALL pool Causes the system to load balance traffic to the specified pool or pool member. Note: Pool / member may be selected conditionally. If multiple conditions match, the last match will determine the pool/member to which this traffic is load balanced. Syntax pool <pool_name> pool <pool_name> [member <addr> [<port>] ] pool <pool_name> Example: when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr] equals 10.10.10.10] } { pool my_pool } } 98 of 166 P e r f o r m a n c e b y D e s i g n Document No.: D-030-01-00-0007 - aFleX Engine Ver. 2.0 6/21/2010 AX Series - aFleX Scripting Language - Reference GLOBAL Commands - redirect Related Information Valid Events: CLIENT_ACCEPTED, CLIENT_DATA, HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, LB_FAILED, NAME_RESOLVED Events which do not generate an error, but are not likely valid for this command: HTTP_RESPONSE, HTTP_RESPONSE_CONTINUE, HTTP_RESPONSE_DATA, LB_SELECTED, SERVER_CLOSED, SERVER_CONNECTED, SERVER_DATA redirect Redirects an HTTP request to a specific location. The location can be either a host name or a URI. A10 Networks recommends using HTTP::redirect instead. Syntax redirect [<host_name> | <URI>] Related Information Valid Events: See “HTTP::redirect” on page 123. reject Causes the connection to be rejected, returning a reset as appropriate for the protocol. Syntax reject Example: when SERVER_CONNECTED { if { [IP::addr [clientside {IP::remote_addr}] equals 10.1.1.80] } { drop } } Related Information Valid Events: ALL P e r f o r m a n c e D e s i g n Document No.: D-030-01-00-0007 - aFleX Engine Ver. 2.0 6/21/2010 b y 99 of 166 2. Syntax serverside { <aFleX command> } Example: when CLIENT_ACCEPTED { if {[IP::addr [serverside {IP::remote_addr}] equals 10.80] } { discard } } Related Information Valid Events: ALL server_addr Returns the IP address of the server.: D-030-01-00-0007 . This command has no effect if the aFleX policy is already being evaluated under the server-side context.Reference GLOBAL Commands .1.0 6/21/2010 . Syntax remote_addr Related Information Valid Events: See “IP::remote_addr” on page 131.aFleX Scripting Language .aFleX Engine Ver.AX Series . Syntax IP::server_addr Related Information Valid Events: See “IP::server_addr” on page 131.1.remote_addr remote_addr Selects a pool based on part of the client’s IP address. A10 Networks recommends using IP::remote_addr instead. A10 Networks recommends using IP::server_addr instead. serverside Causes the specified aFleX command or commands to be evaluated under the server-side context. 100 of 166 P e r f o r m a n c e b y D e s i g n Document No. 2.AX Series . the <key> is the session ID and the data is the SSL verify_result or the SSL certificate.: D-030-01-00-0007 . The session delete command deletes an SSL entry.0 6/21/2010 b y 101 of 166 . session Manage SSL sessions. A10 Networks recommends using TCP::server_port instead. If an SSL table already exists. The session lookup ssl command Searches the SSL table for information about the specified key. Syntax session add ssl <key> <data> [<timeout>] session lookup ssl <key> session delete <mode> <key> The session add ssl command creates a table to store SSL information. Generally.server_port server_port Returns the TCP port/service number of the specified server. Example: when CLIENTSSL_HANDSHAKE { set cert1 [SSL::cert 0] session add ssl [SSL::sessionid] $cert1 300 } when } HTTP_REQUEST { set cert2 [session lookup ssl [SSL::sessionid]] P e r f o r m a n c e D e s i g n Document No.aFleX Engine Ver.Reference GLOBAL Commands .aFleX Scripting Language . the command adds an entry to the table. Syntax TCP::server_port Related Information Valid Events: See “TCP::server_port” on page 159. HTTP_RESPONSE. HTTP_REQUEST. sha1 Returns the Secure Hash Algorithm version 1. CLIENTSSL_HANDSHAKE set encode Set the character encoding for data payloads. 2. The payload replace command (used in the example below) is valid only with the HTTP_RESPONSE_DATA event. CLIENTSSL_CLIENTCERT.aFleX Engine Ver.set encode Related Information Valid Events: CLIENT_ACCEPTED.Reference GLOBAL Commands .aFleX Scripting Language .0 (SHA1) message digest of the specified string.: D-030-01-00-0007 . 102 of 166 P e r f o r m a n c e b y D e s i g n Document No.0 6/21/2010 . Syntax set encode "<encoding>" Example: Here is an example of an aFleX policy that converts payload data into Japanese encoding Shift_JIS: when HTTP_RESPONSE { if { [HTTP::header "Content-Type"] contains "Shift_JIS" } { set encode "shiftjis" HTTP::collect } } when HTTP_RESPONSE_DATA { set hoge [HTTP::payload length] set payload [encoding convertfrom $encode [HTTP::payload]] regsub -all "abc" $payload "xyz" newdata set newdata3 [encoding convertto $encode $newdata] HTTP::payload replace 0 $hoge $newdata3 HTTP::release } Related Information Valid Events: The set encode command is valid with all events.AX Series . P e r f o r m a n c e D e s i g n Document No. the snatpool command must be triggered by a CLIENT_ACCEPTED or LB_SELECTED event. Syntax sha1 <string> Related Information Valid Events: All snatpool Uses the specified pool of IP addresses as translation addresses to create a SNAT.aFleX Engine Ver. Syntax snatpool <snatpool_name> The <snatpool_name> option specifies the name of a configured IP address pool. an empty string is returned.35] } { snatpool snat_a } else { snatpool snat_b } } Related Information Valid Events: CLIENT_ACCEPTED. LB_SELECTED For Layer 4 virtual ports. Note: Example: when CLIENT_ACCEPTED { if { [IP::addr [IP::local_addr] equals 10.0 6/21/2010 b y 103 of 166 . 2. Note: A NAT pool must already be bound to virtual port in the AX configuration.Reference GLOBAL Commands . The command uses the specified NAT pool instead of the NAT pool that is already bound to the virtual port in the AX configuration.0.snatpool Note: If an error occurs. For Layer 7 ports.: D-030-01-00-0007 . HTTP_REQUEST.aFleX Scripting Language .AX Series . the snatpool command must be triggered by a HTTP_REQUEST event.0. This is the virtual port’s default NAT pool. The IP type (IPv4 or IPv6) of the pool must be the same as the IP type of the real servers. aFleX Engine Ver. based on the values of the <skip_count> and <terminator> arguments. Syntax substr <string> <skip_count> [<terminator>] substr <string> <skip_count> [<terminator>] Note the following: • The <skip_count> and <terminator> arguments are used in the same way as they are for the findstr command. where 0 indicates the first character of <string>. • The <skip_count> argument is the index into <string> of the first char- acter to be returned.: D-030-01-00-0007 . • If <terminator> is an integer. • If <terminator> is a string which does not occur in the search space. from <skip_count> to the end of <string> is returned.Reference GLOBAL Commands .substr substr Returns a sub-string named <string>. 2.0 6/21/2010 . • This command is equivalent to the Tcl string range command except that the value of the <terminator> argument may be either a character or a count. • The <terminator> argument can be either the substring length or the sub- string terminating string. "Uri Part = $uri" } log "[substr "abcdefghijklm" 2 log "[substr "abcdefghijklm" 2 log "[substr "abcdefghijklm" 2 log "[substr "abcdefghijklm" 2 log "[substr "abcdefghijklm" 2 "x"]" "gh"]" 4]" 20]" 0]" The above example logs the following: cdefghijklm cdef 104 of 166 P e r f o r m a n c e b y D e s i g n Document No. whichever is shorter. the returned string will include that many characters.AX Series . Example: when HTTP_REQUEST { set uri [substr $uri 1 "?"] log local0. or up to the end of the string. the returned string will include characters up to but not including the first occurrence of the string.aFleX Scripting Language . • If <terminator> is a string. 2.0 6/21/2010 b y 105 of 166 .AX Series . All aFleX events begin with a when command.virtual cdef cdefghijklm cdefghijklm Related Information Valid Events: ALL virtual Return the name of the associated virtual server that the connection is flowing through. "Virtual Server: [virtual name]" } Related Information Valid Events: ALL when Specify an event in an aFleX script.10.: D-030-01-00-0007 .aFleX Engine Ver. You can specify multiple when commands within a single aFleX script.aFleX Scripting Language .Reference GLOBAL Commands .10. Syntax virtual name Example: when HTTP_REQUEST { log local0. Syntax when <event_name> Example: when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr] equals 10.10] } { pool my_pool } } Related Information Valid Events: ALL P e r f o r m a n c e D e s i g n Document No. AX Series - aFleX Scripting Language - Reference LB Commands - LB::down LB Commands LB::down Temporarily marks the current real port down for 30 seconds. Syntax: LB::down Valid Events: LB_FAILED, LB_SELECTED Example: See Example 2 in “LB::reselect” on page 106. LB::reselect Reperforms server selection. Syntax: LB::reselect [pool <pool-name> [<member>]] If you use the command without any of the optional parameters, SLB selects the next available member (server and port) from the same service group used for the initial server selection. To specify the service group to use, use the pool <pool-name> option. If you also use the <member> option, the specified member is selected from the specified service group. Note: This command applies to Layer 7 traffic only for HTTP and HTTPS. Valid Events: LB_FAILED, LB_SELECTED Example 1: In this aFleX policy, the HTTP::retry command retries sending a client’s request to a service port that replies with an HTTP 5xx status code. If the first server continues to reply with a 5xx status code after 3 retries, the LB::reselect command reassigns the client request to another server. 106 of 166 P e r f o r m a n c e b y D e s i g n Document No.: D-030-01-00-0007 - aFleX Engine Ver. 2.0 6/21/2010 AX Series - aFleX Scripting Language - Reference LB Commands - LB::reselect when CLIENT_ACCEPTED { set retry 0 set max_retry 3 set reselect 0 } when LB_SELECTED { if { $retry > 0 } { LB::reselect incr reselect } } when HTTP_RESPONSE { set status [HTTP::status] if { $retry < $max_retry } { if { $status starts_with "5" } { incr retry HTTP::retry } } } Example 2: This aFleX policy is similar to the one above, except the LB::down command in the policy marks the service port down for 30 seconds. when CLIENT_ACCEPTED { set retry 0 set max_retry 3 } when HTTP_REQUEST { log "In HTTP_REQUEST: $retry" log "End HTTP_REQUEST" } P e r f o r m a n c e D e s i g n Document No.: D-030-01-00-0007 - aFleX Engine Ver. 2.0 6/21/2010 b y 107 of 166 AX Series - aFleX Scripting Language - Reference LB Commands - LB::reselect when LB_SELECTED { log "In LB_SELECTED: current retry count = $retry" if { $retry > 0 } { log "In LB_RESLECT" LB::down LB::reselect } log "End LB_SELECTED" } when HTTP_RESPONSE { log "In HTTP_RESPONSE" set status [HTTP::status] log "1,$status" if { $retry < $max_retry } { if { $status starts_with "5" } { log "2,$status" incr retry HTTP::retry } } log "End HTTP_RESPONSE" } Example 3: This aFleX policy uses the STATS::get command to retrieve total connection statistics two service groups, then select the service group with fewer total connections. After a service group is selected, the policy selects a server from the group. If a retry occurs, the LB::reselect command selects another server from the same service group. If the maximum number of retries has already been reached, the other service group is selected. If both service groups have reached the maximum number of retries, a third service group is used. when CLIENT_ACCEPTED { #set initial retires count equal to 0 set retries 0 # variable for the first time set first 0 # number of retry per pool set retry_cnt_per_pool 0 # max. number of retry per pool set max_retry_per_pool 6 108 of 166 P e r f o r m a n c e b y D e s i g n Document No.: D-030-01-00-0007 - aFleX Engine Ver. 2.0 6/21/2010 : D-030-01-00-0007 .AX Series .0 6/21/2010 b y 109 of 166 .aFleX Engine Ver.Reference LB Commands .LB::reselect # number of pool retry set num_pool_retry 0 # max.aFleX Scripting Language . if { $first == 0 } { if {$group_data_1 > $group_data_2} { pool "sg-tcp80-2" set flag "2" } else { pool "sg-tcp80-1" set flag "1" } } log "End HTTP_REQUEST" } when LB_SELECTED { if { $first == 0} { set first 1 } elseif { $retries < $max_retry_per_pool} { # select next member in the same pool LB::reselect incr reselect P e r f o r m a n c e D e s i g n Document No. 2. number of pool to retry set max_pool_retry 1 # Next pool to try set next_pool "sg-tcp80-2" # Error status code set error_code "500" # Reselect counter set reselect 0 # Total retry counter set retry 0 } when HTTP_REQUEST { # Get service group 1 status set group_data_1 [STATS::get pool sg-tcp80-1 total-connection] # Get service group 1 status set group_data_2 [STATS::get pool sg-tcp80-2 total-connection] #Based on the status of each service group to decide which pool the 1st packet should #go to. the health status of the port is also returned.37 80 current-connection] if {$traffic < 10000} { LB::reselect pool sg-tcp80-3 member 20. Syntax LB::status node <ipaddr> [port <port-num> {tcp | udp}] If you specify the node IP address only.20. the port number and the transport protocol (tcp or udp) also are required.Reference LB Commands . 110 of 166 P e r f o r m a n c e b y D e s i g n Document No. 2.20.20. the Layer 3 health status of the server is returned.: D-030-01-00-0007 . The health status returned by the command is “Up” or “Down”.aFleX Engine Ver. If you use the port option.0 6/21/2010 .37 80 incr reselect } } } when HTTP_RESPONSE { log "In HTTP_RESPONSE" set r_status [HTTP::status] if { $r_status starts_with "5" } { incr retries # reselect next member or another pool HTTP::retry incr retry } } LB::status node Returns the health check status of a node.LB::status node } elseif { $num_pool_retry < $max_pool_retry } { incr num_pool_retry set retries 0 # select other pool if {$flag == "1"} { LB::reselect pool sg-tcp80-2 incr reselect } else { LB::reselect pool sg-tcp80-1 incr reselect } } else { set traffic [STATS::get pool sg-tcp80-3 member 20.aFleX Scripting Language . If you also specify a protocol port and its transport protocol.20.AX Series . aFleX Engine Ver.100.aFleX Scripting Language . service port number.: D-030-01-00-0007 .222 port 7000 of service group svcgroup-1 is UP!" } else { log "member 10.1.222 port 7000 of service group svcgroup-1 is DOWN!" } } Related Information Valid Events: ALL P e r f o r m a n c e D e s i g n Document No.1.100.1.222 port 7000 tcp] == "Up"} { log "*** Server 10.222 port 7000 } } is DOWN! ***" Related Information Valid Events: ALL LB::status pool Returns the health check status of a pool.1. Syntax LB::status pool <pool_name> [member <ipaddr> [<port_num>]] [partition shared] If you specify the pool name only.222 7000] == "up"} { log "member 10. the health status of the group is returned.0 6/21/2010 b y 111 of 166 .1.222 port 7000 is UP! ***" } else { log "*** Server 10.AX Series .Reference LB Commands .100.100. 2. the health status of the specified member or port is returned.LB::status pool Example: when HTTP_REQUEST { if { [LB::status node 10.100.1. If you also specify a member (node) IP address and. Example: when HTTP_REQUEST { if { [LB::status pool svcgroup-1 member 10. optionally.100. The health status returned by the command is “Up” or “Down”. 9" HTTP::close } Related Information Valid Events: HTTP_REQUEST. Doing so can stall the connection. Use caution when specifying a value larger than the size of the actual length. 2.AX Series . HTTP::collect [<length>] Collects the amount of data that you specify with the <length> argument. Use caution when omitting the value of the content length. Syntax HTTP::close Example: when HTTP_RESPONSE { HTTP::version "0.0 6/21/2010 . it triggers aFleX event HTTP_REQUEST_DATA or HTTP_RESPONSE_DATA depending on the data coming from.: D-030-01-00-0007 .HTTP::close HTTP Commands HTTP::close Inserts a “Connection: close” header and closes the HTTP connection. Syntax HTTP::collect Collects data.aFleX Scripting Language . You can use this command with the HTTP::request or HTTP::payload <size> command. HTTP_RESPONSE HTTP::collect Collects the amount of data that you specify with the <length> argument. Note: If you specify length 0. P e r f o r m a n c e b y D e s i g n 112 of 166 Document No. When the system collects the specified amount of HTTP content data. the HTTP_RESPONSE_DATA event is not triggered since no data is collected. Doing so can stall the connection.aFleX Engine Ver.Reference HTTP Commands . by removing the chunk header and assembling the packet. and so on).25 MB.aFleX Engine Ver.HTTP::collect If the <length> option is not used. this feature will not work properly.0 6/21/2010 b y 113 of 166 . the AX device col- lects as much data as specified by the header. Notes: The AX device buffers the entire payload before replying to the client. the HTTP::payload replace command only sup- ports clear text replacement.: D-030-01-00-0007 . • If the packet does not have an HTTP Content-Length header. The HTTP::collect command is not supported if RAM caching is enabled. a packet without a Content-Length header will be a chunkencoded packet. If the server response is compressed (transfer-encoded.Reference HTTP Commands . The AX will not rechunk the payload. bz. the command will de-chunk the packet first. If the object to be collected is very large. the AX device will replace the collected data with the specified string.AX Series .aFleX Scripting Language . up to the maximum allowed. performance can be affected. the AX device behaves as follows: • If the packet has an HTTP Content-Length header. tar.) • A zero-size chunk-encoded packet is received • RST is received from the server • FIN is received from the server Generally. the AX device will keep collecting data until one of the following occurs: • 1. gz. • In the current release. • For chunk-encoded packets. P e r f o r m a n c e D e s i g n Document No. If the HTTP::payload replace command is used in the same aFleX policy as the HTTP::collect command: • For packets that do not contain chuck-encoded data.25 MB of data is collected (This is the maximum amount that can be collected. The AX will then replace the content with the new string. The packet received by the client will not be chunkencoded. 1. 2. aFleX Engine Ver. Syntax HTTP::cookie names HTTP::cookie count HTTP::cookie [value] <name> [<string>] HTTP::cookie version <name> [version] HTTP::cookie path <name> [path] HTTP::cookie domain <name> [domain] HTTP::cookie ports <name> [portlist] HTTP::cookie insert name <name> value <value> [path <path>] [domain <domain>] [version <0 | 1 | 2>] HTTP::cookie remove <name> P e r f o r m a n c e b y D e s i g n 114 of 166 Document No. you can work around this by using an aFleX policy to remove the Accept-Encoding header from HTTP requests. 2.Reference HTTP Commands . For example: when HTTP_REQUEST { if { [HTTP::header exist "Accept-Encoding"] } HTTP::header remove “Accept-Encoding” } } { Example: when HTTP_RESPONSE { if {[HTTP::status] == 205}{ HTTP::collect [HTTP::header Content-Length] } } Related Information Valid Events HTTP_REQUEST. This command replaces the http_cookie command.aFleX Scripting Language . HTTP::cookie Queries for or manipulates cookies in HTTP requests and responses.AX Series .: D-030-01-00-0007 .HTTP::cookie If the server does use encoded responses. HTTP_RESPONSE.0 6/21/2010 . HTTP_RESPONSE_DATA HTTP_REQUEST_DATA. HTTP::cookie remove <name> Removes a cookie. The default value for the version is 0. 2. HTTP::cookie path <name> [path] Sets or gets the cookie path. HTTP::cookie count Returns the number of cookies present in the HTTP header.aFleX Scripting Language .Reference HTTP Commands . P e r f o r m a n c e D e s i g n Document No.aFleX Engine Ver.AX Series .0 6/21/2010 b y 115 of 166 . HTTP::cookie sanitize [attribute]+ Removes all but the specified attributes from the cookie. You can omit the keyword "value" from this command if the cookie name does not collide with any of the other commands.: D-030-01-00-0007 . HTTP::cookie ports <name> [portlist] Sets or gets the cookie port lists for V1 cookies. HTTP::cookie version <name> [version] Sets or gets the version of the cookie. HTTP::cookie insert name <name> value <value> [path <path>] [domain <domain>] [version <0 | 1 | 2>] Adds or replaces a cookie in an HTTP response.HTTP::cookie HTTP::cookie sanitize [attribute]+ HTTP::cookie exists <name> HTTP::cookie maxage <name> [seconds] HTTP::cookie expires <name> [seconds] [absolute | relative] HTTP::cookie comment <name> [comment] HTTP::cookie secure <name> [enable|disable] HTTP::cookie commenturl <name> [commenturl] HTTP::cookie discard <name> [enable|disable] HTTP::cookie names Returns the names of all the cookies present in the HTTP header. HTTP::cookie domain <name> [domain] Sets or gets the cookie domain. HTTP::cookie [value] <name> [string] Sets or gets the cookie value of the given name in an HTTP request. which is the number of seconds from the current time.aFleX Scripting Language .0 6/21/2010 . Applicable only to Version 1 cookies. Applies to Version 0 cookies only. The default number of seconds is relative. and applies to response messages only.aFleX Engine Ver. HTTP::cookie commenturl <name> [commenturl] Sets or gets the comment URL. HTTP::cookie expires <name> [seconds] [absolute | relative] Sets or gets the expires attribute. and applies to response messages only. WLSID=$cookie_s" } } Related Information Valid Events HTTP_REQUEST. the seconds value represents number of seconds since the UNIX epoch (January 1. Applies to Version 1 cookies only. Applies to response messages only. Applicable only to Version 1 cookies. Example: when HTTP_REQUEST { if { [HTTP::cookie exists "cookie-name"] } { set cookie_s [HTTP::cookie "cookie-name"] HTTP::cookie remove "cookie-name" set cookie_a [HTTP::header cookie] HTTP::header replace "cookie" "$cookie_a. HTTP::cookie comment <name> [comment] Sets or gets the cookie comment. Applicable only to Version 1 cookies.HTTP::cookie HTTP::cookie exists <name> Returns a true value if the cookie exists. HTTP_RESPONSE 116 of 166 P e r f o r m a n c e b y D e s i g n Document No.AX Series . and applies to response messages only. HTTP::cookie discard <name> [enable | disable] Sets or gets the value of the discard attribute. Applies to response messages only. 1970). HTTP::cookie maxage <name> [seconds] Sets or gets the max-age. If you specify the absolute argument. HTTP::cookie secure <name> [enable | disable] Sets or gets the value of the secure attribute.: D-030-01-00-0007 . and applies to response messages only.Reference HTTP Commands . 2. You can omit the <value> argument if the header name does not collide with any of the subcommands. HTTP_REQUEST_DATA HTTP::header Queries for or manipulates an HTTP header.HTTP::fallback HTTP::fallback Specifies or overrides the fallback host specified in the HTTP profile.aFleX Scripting Language .com/" } Related Information Valid Events: HTTP_REQUEST. Syntax HTTP::header [value] <name> Returns the value of the HTTP header named <name>. HTTP::header exists <name> Returns true if the named header is present on the request or response. 2. If you specify "lws". the AX device adds linear white space to long header values. HTTP::header at <index> Returns the HTTP header that the AX device finds at the zero-based index value. P e r f o r m a n c e D e s i g n Document No.mysite.aFleX Engine Ver.AX Series . HTTP::header names Returns a list of all the headers present on the request or response.0 6/21/2010 b y 117 of 166 .: D-030-01-00-0007 . HTTP::header insert ["lws"] <name> <value> Inserts the named HTTP header and its value into the end of the HTTP request or response. HTTP::header count Returns the number of HTTP headers present in the request or response. Syntax HTTP::fallback <host> Example: when LB_FAILED { HTTP::fallback "http://siteunavailable.Reference HTTP Commands . HTTP::header remove <name> Removes all headers names with the name <name>. This command performs a header insertion if the header was not present. v2.aFleX Engine Ver. otherwise. If the header is present. 2. the command replaces the header. In such cases. If you specify "lws".aFleX Scripting Language . the AX device treats the list as a list of name/value pairs.: D-030-01-00-0007 . n3. HTTP::header sanitize <header name>+ Removes all but the headers you specify. the command adds the header. However.HTTP::header HTTP::header insert ["lws"] {n1. HTTP_REQUEST_SEND. respectively.0 6/21/2010 . Optional arguments for these header fields are addr and service.AX Series . Example: when CLIENT_ACCEPTED { if { [HTTP::header "Host"] starts_with "andrew" } pool andrew_pool } else { pool main_pool } } { Related Information Valid Events HTTP_REQUEST.Reference HTTP Commands . …} Passes a Tcl list to insert into a header. HTTP::header insert_modssl_fields [addr | service] Inserts the HTTP header field ClientIPAddress or ClientTCPService. HTTP::header replace <name> [<string>] Replaces the last occurrence of the named header with the string <string>. HTTP::header [value] <name> <string> Sets the value of the named header. n2. the AX device adds linear white space to long header values. v1. v3. You can omit the <value> argument if the header name does not collide with any other values. HTTP_RESPONSE 118 of 166 P e r f o r m a n c e b y D e s i g n Document No. the command does not remove essential HTTP headers. Syntax HTTP::is_keepalive Example: when HTTP_RESPONSE { if {[HTTP::is_keepalive]}{ HTTP::close } } Related Information Valid Events: HTTP_REQUEST.AX Series . HTTP_REQUEST_DATA.aFleX Scripting Language . HTTP_RESPONSE HTTP::is_keepalive Returns a true value if this is a Keep-Alive connection. This command replaces the http_host command.aFleX Engine Ver. HTTP_RESPONSE_DATA HTTP::is_redirect Returns a true value if the response is a certain type of redirect. P e r f o r m a n c e D e s i g n Document No. Syntax HTTP::host Example: when HTTP_REQUEST { if { [HTTP::uri] contains "secure"} { HTTP::redirect "https://[HTTP::host][HTTP::uri]" } } Related Information Valid Events: HTTP_REQUEST.0 6/21/2010 b y 119 of 166 . 2. if specified) of the HTTP request.: D-030-01-00-0007 . HTTP_RESPONSE. HTTP_REQUEST_DATA.Reference HTTP Commands .HTTP::host HTTP::host Returns the host name (and port. This command replaces the http_method command.HTTP::method Syntax HTTP::is_redirect Example: when HTTP_RESPONSE { if { [HTTP::is_redirect] } { log local0.Reference HTTP Commands ." } } Related Information Valid Events: HTTP_REQUEST. "HTTP Method: [HTTP::method]" } Related Information Valid Events: HTTP_REQUEST. HTTP_REQUEST_DATA HTTP::path Returns the path part of the HTTP request.AX Series . HTTP_RESPONSE_DATA HTTP::method Returns the type of HTTP request method. 2. Syntax HTTP::path [<string>] 120 of 166 P e r f o r m a n c e b y D e s i g n Document No.aFleX Engine Ver. Syntax HTTP::method Example: when HTTP_REQUEST { log local0.0 6/21/2010 . "Request redirected.aFleX Scripting Language . HTTP_RESPONSE.: D-030-01-00-0007 . HTTP_REQUEST_DATA. This is the correct path for exchange. "redirect" } else { pool pool_webmail #log local0.aFleX Scripting Language . "using pool " } } Related Information Valid Events: HTTP_REQUEST. the system returns the collected content.aFleX Engine Ver. If you do not specify a size.company. Syntax HTTP::payload [<size>] HTTP::payload length HTTP::payload <offset> <size> HTTP::payload replace <offset> <size> <data> HTTP::payload [<size>] Returns the content that the HTTP::collect command has collected thus far.: D-030-01-00-0007 . 2. "Host . "Path .[HTTP::host]" log local0. or replace a certain amount of content. With this command. you can retrieve content.0 6/21/2010 b y 121 of 166 . P e r f o r m a n c e D e s i g n Document No. when HTTP_REQUEST { if { [HTTP::path] equals "/" } { HTTP::redirect "https://[HTTP::host]/exchange/" #log local0.AX Series .Reference HTTP Commands .com is redirected to https://webmail. query for content size.com/exchange.company.HTTP::payload Example: when HTTP_REQUEST { log local0. HTTP_REQUEST_DATA HTTP::payload Queries for or replaces content information. Redirected traffic then passes to the webmail pool.[HTTP::path]" } Webmail redirect example: https://webmail. HTTP::query HTTP::payload length Returns the size of the content that the command has collected thus far.: D-030-01-00-0007 . Example: when HTTP_RESPONSE { if {[HTTP::status] == 205}{ HTTP::collect [HTTP::header Content-Length] } } when HTTP_RESPONSE_DATA { HTTP::respond 200 content [HTTP::payload] } when HTTP_RESPONSE_DATA { regsub -all "oursite" [HTTP::payload] "oursitedev" newdata log "Replacing payload with new data. starting at <offset> with <string>. 2." HTTP::payload replace 0 $clen $newdata HTTP::release } Related Information Valid Events HTTP_REQUEST. HTTP_RESPONSE. "http_query [HTTP::query]" } 122 of 166 P e r f o r m a n c e b y D e s i g n Document No.0 6/21/2010 . "http_path [HTTP::path]" log local0. not including the HTTP headers. Syntax HTTP::query Example: when HTTP_REQUEST { log local0.Reference HTTP Commands . HTTP::payload replace <offset> <size> <string> Replaces the amount of content that you specified with the <size> argument.aFleX Engine Ver.aFleX Scripting Language . HTTP_REQUEST_SEND. starting at <offset> with size equals <size>.AX Series . HTTP::payload <offset> <size> Returns the content that the HTTP::collect command has collected. HTTP_RESPONSE_DATA HTTP::query Returns the query part of the HTTP request. Reference HTTP Commands . Therefore. HTTP_REQUEST_DATA.aFleX Engine Ver. Unless a subsequent HTTP::collect command was issued. Note: This command sends the response to the client immediately.com/" } } Related Information Valid Events HTTP_REQUEST. 2.aFleX Scripting Language . the data is implicitly released.siterequest.AX Series . you cannot specify this command multiple times in an aFleX script. there is no need to use the HTTP::release command inside of the HTTP_REQUEST_DATA and HTTP_RESPONSE_DATA events. since in these cases. nor can you specify any other commands that modify header or content. Syntax HTTP::release P e r f o r m a n c e D e s i g n Document No. Syntax HTTP::redirect <url> Example: when HTTP_RESPONSE { if { [HTTP::status] contains "404"} { HTTP::redirect "http://www. after you specify this command. HTTP::release Releases the collected data. HTTP_RESPONSE_DATA HTTP_RESPONSE.HTTP::redirect Related Information Valid Events: HTTP_REQUEST.: D-030-01-00-0007 . HTTP_REQUEST_DATA HTTP::redirect Redirects an HTTP request or response to the specified URL.0 6/21/2010 b y 123 of 166 . : D-030-01-00-0007 . HTTP_REQUEST_DATA HTTP::request_num Returns the number of HTTP requests that a client made on the connection." HTTP::payload replace 0 $clen $newdata } Related Information Valid Events HTTP_REQUEST.aFleX Engine Ver. Syntax HTTP::request Example: when HTTP_REQUEST { # save original request set req [HTTP::request] # flag as new request needing lookup set lookup 1 # inject lookup URI in place of original request HTTP::uri "/page. You can access the request payload using the HTTP::collect command.AX Series . 2. Syntax HTTP::request_num 124 of 166 P e r f o r m a n c e b y D e s i g n Document No. HTTP_RESPONSE_DATA HTTP::request Returns the raw request header string.0 6/21/2010 .aspx?ip=[IP::client_addr]" # set pool to lookup server pool pool lookup_server } Related Information Valid Events HTTP_REQUEST.aFleX Scripting Language . HTTP_RESPONSE. HTTP_REQUEST_DATA.Reference HTTP Commands .HTTP::request Example: when HTTP_RESPONSE_DATA { regsub -all "oursite" [HTTP::payload] "oursitedev" newdata log "Replacing payload with new data. A10 Networks recommends that you not run any more aFleX scripts after this API. it sends the response to the client without any load balancing taking place.domain. HTTP_RESPONSE_DATA HTTP::respond Allows users to generate or rewrite a client request or a server response. Syntax HTTP::respond <status code> [content <content Value>] [<Header name> <Header Value>]+ Example: To send a redirect with a cookie set. path=/. Note: The maximum size response that can be sent using this command is 64 KB.aFleX Scripting Language . 2. the content from the actual server is discarded and replaced with the information provided to this API. domain=%s" $ckname $ckvalue ". HTTP_REQUEST_DATA.HTTP::respond Example: when HTTP_REQUEST { log local0.0 6/21/2010 b y 125 of 166 . When the system runs the command on the client side.Reference HTTP Commands . If the system runs the command on the server side. when HTTP_REQUEST { set ckname "app" set ckvalue "893" set cookie [format "%s=%s. "Request number [HTTP::request_num]" } Related Information Valid Events: HTTP_REQUEST.org" "Set-Cookie" $cookie } Note: P e r f o r m a n c e D e s i g n Document No.AX Series . This is a powerful API that allows users to generate or rewrite a client request or a server response. Because the system sends the response data immediately after this aFleX script runs.domain.: D-030-01-00-0007 . HTTP_RESPONSE.aFleX Engine Ver.org"] HTTP::respond 302 Location "http://www. but the site you are looking for is temporarily out of service<br>If you feel you have reached this page in error.Reference HTTP Commands . HTTP_RESPONSE. They are not supported for fast-HTTP or any of the other virtual port types.aFleX Engine Ver.AX Series .0 6/21/2010 .aFleX Scripting Language . 2. HTTP_RESPONSE_DATA HTTP::retry Resends an HTTP request to the server. HTTP::status Returns the response status code. when HTTP_REQUEST { HTTP::respond 200 content "<html><head><title>Apology Page</title></ head><body>We are sorry. Note: This command is supported only for virtual port types HTTP and HTTPS.: D-030-01-00-0007 . Syntax HTTP::status 126 of 166 P e r f o r m a n c e b y D e s i g n Document No.<p></body></html>" } Related Information Valid Events HTTP_REQUEST. Syntax: HTTP:retry Valid Events: HTTP_RESPONSE. HTTP_REQUEST_DATA. please try again.HTTP::retry Or to send an apology page from with in the aFleX. HTTP_RESPONSE_DATA Example: See the first example in “LB::reselect” on page 106. HTTP_REQUEST_DATA P e r f o r m a n c e D e s i g n Document No. It should always start with a slash.Reference HTTP Commands . 2.siterequest. Syntax HTTP::uri <string> The URI string does not include the protocol (http or https) or hostname.: D-030-01-00-0007 .AX Series . This command replaces the http_uri command. HTTP_RESPONSE_DATA HTTP::uri Returns or sets the URI of the request. HTTP::uri <string> Changes the URI passed to the server. just the path. Example: when HTTP_REQUEST { if { [HTTP::uri] ends_with "cgi" } { pool cgi_pool } elseif { [HTTP::uri] starts_with "/abc" } { pool abc_servers } } Make uri path start with /prefix if it doesn't already when HTTP_REQUEST { if { not ([HTTP::uri] starts_with "/prefix") } { HTTP::uri /prefix[HTTP::uri] } } Related Information Valid Events: HTTP_REQUEST.aFleX Scripting Language .0 6/21/2010 b y 127 of 166 . starting with the slash after the hostname.aFleX Engine Ver.HTTP::uri Example: when HTTP_RESPONSE { if { [HTTP::status] contains "404"} { HTTP::redirect "http://www.com/" } } Related Information Valid Events: HTTP_RESPONSE. Note: This command does NOT perform a string comparison. To perform a literal string comparison.AX Series . 2.10.0.) [IP::addr 10. HTTP_RESPONSE. 1 for a match.Reference IP Commands .9" | "1.0. This command replaces the http_version command. and so on) rather than using the IP::addr comparison.1 equals 10.0.0. HTTP_RESPONSE_DATA IP Commands IP::addr Performs comparison of IP address/subnet/supernet to IP address/subnet/ supernet.: D-030-01-00-0007 . (Will return 1. Syntax IP::addr <addr1>[/<mask>] equals <addr2>[/<mask>] IP::addr Example: To perform comparison of IP address 10.10.0/8] 128 of 166 P e r f o r m a n c e b y D e s i g n Document No.1 with subnet 10.10. since it is a match. contains.aFleX Scripting Language . HTTP_REQUEST_DATA. Returns 0 if no match.HTTP::version HTTP::version Returns or sets the HTTP version of the request or response.10. simply compare the 2 strings with the appropriate operator (equals.0 6/21/2010 .0/8.1"] Example: when HTTP_RESPONSE { HTTP::version "1.0" | "1.aFleX Engine Ver.1" } Related Information Valid Events: HTTP_REQUEST. starts_with. Syntax HTTP::version ["0. 10. when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr] equals 10.0.aFleX Engine Ver. You can also specify the IP::client_addr and IP::server_addr commands.AX Series .10.0/8] To select a specific pool for a specific client IP address. it is useful in reusing the connected endpoint in another statement or to make routing type decisions.0.0/8. Also. HTTP_RESPONSE_DATA. CLIENT_CLOSED. P e r f o r m a n c e D e s i g n Document No.0.10] } { pool my_pool } } Related Information Valid Events: ALL IP::client_addr Returns the client IP address of a connection.: D-030-01-00-0007 . (Will return 1 or 0. HTTP_REQUEST_DATA. depending on client IP address.10] } { pool my_pool } } Related Information Valid Events: CLIENT_ACCEPTED. This command is equivalent to the command clientside { IP::remote_addr }.10.0 6/21/2010 b y 129 of 166 .) [IP::addr [IP::client_addr] equals 10.0. HTTP_REQUEST_SEND.aFleX Scripting Language . 2. LB_SELECTED. SERVER_CONNECTED IP::local_addr This command is primarily useful for generic rules that are re-used.10. HTTP_REQUEST. HTTP_RESPONSE.Reference IP Commands . Syntax IP::client_addr Example: when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr] equals 10.IP::client_addr To perform comparison of client-side IP address with subnet 10. aFleX Engine Ver.0 6/21/2010 .2] } { pool deprecated_site } else { pool current_site_pool } } when SERVER_CONNECTED { log local0.: D-030-01-00-0007 . this is the source IP address (SNAT address if SNAT is used.16. else spoofed client IP address). "Source IP address for connection to node: [IP::local_addr]" } Related Information Valid Events: CLIENT_ACCEPTED. Example: when CLIENT_ACCEPTED { if { [IP::addr [IP::local_addr] equals 172. 2. SERVER_CLOSED.Reference IP Commands . LB_SELECTED. In the serverside context. Syntax IP::protocol Example: when CLIENT_ACCEPTED { if { [IP::protocol] == 6 } { pool tcp_pool } else { pool slow_pool } } 130 of 166 P e r f o r m a n c e b y D e s i g n Document No.AX Series . In the clientside context.aFleX Scripting Language .32. HTTP_REQUEST_SEND. CLIENT_CLOSED. HTTP_REQUEST_DATA. HTTP_REQUEST. HTTP_RESPONSE_DATA. this is the destination IP address (virtual IP address). HTTP_RESPONSE. SERVER_CONNECTED IP::protocol Returns the IP protocol value.IP::protocol Syntax IP::local_addr Returns the IP address of the AX being used in the connection. HTTP_REQUEST_DATA. Syntax IP::server_addr P e r f o r m a n c e D e s i g n Document No.0.0/255.0. HTTP_RESPONSE_DATA.aFleX Scripting Language . LB_SELECTED. The command returns 0 if the serverside connection has not been made. You can also specify the IP::client_addr and IP::server_addr commands.Reference IP Commands . SERVER_CLOSED. 2. SERVER_CONNECTED IP::server_addr Returns the server’s (node’s) IP address.0 6/21/2010 b y 131 of 166 . "Node IP address is: [IP::remote_addr]" } Related Information Valid Events: CLIENT_ACCEPTED.IP::remote_addr Related Information Valid Events: CLIENT_ACCEPTED IP::remote_addr Returns the IP address of the host on the far end of the connection.0.AX Series .0. CLIENT_CLOSED. This command is equivalent to the command serverside {IP::remote_addr}. Syntax IP::remote_addr Example: when CLIENT_ACCEPTED { if { [IP::addr [IP::remote_addr] equals 206. In the clientside context. HTTP_RESPONSE. HTTP_REQUEST. In the serverside context this is the node IP address.0] } { pool clients_from_206 } else { pool other_clients_pool } } when SERVER_CONNECTED { log local0. respectively. once a serverside connection has been established. HTTP_REQUEST_SEND. this is the client IP address.aFleX Engine Ver.: D-030-01-00-0007 . Reference IP Commands .AX Series . 2. Syntax IP::stats pkts in IP::stats pkts out IP::stats pkts IP::stats bytes in IP::stats bytes out IP::stats bytes IP::stats age IP::stats pkts in Returns number of packets received IP::stats pkts out Returns number of packets sent IP::stats pkts Returns a Tcl list of packets in and packets out IP::stats bytes in Returns number of bytes received IP::stats bytes out Returns number of bytes sent IP::stats bytes Returns Tcl list of bytes in and bytes out 132 of 166 P e r f o r m a n c e b y D e s i g n Document No. SERVER_CLOSED.aFleX Scripting Language .aFleX Engine Ver. SERVER_CONNECTED IP::stats Supplies information about the number of packets or bytes being sent or received in a given connection. LB_SELECTED.: D-030-01-00-0007 .IP::stats Example: when SERVER_CONNECTED { log local0. HTTP_RESPONSE.0 6/21/2010 . "Node IP address: [IP::server_addr]" } Related Information Valid Events: HTTP_REQUEST_SEND. AX Series .IP::tos Related Information Valid Events: ALL IP::tos Selects a different pool of servers based on the ToS level within a packet.0 6/21/2010 b y 133 of 166 .Reference IP Commands . The Type of Service (ToS) standard is a means by which network equipment can identify and treat traffic differently based on an identifier. 2.aFleX Engine Ver. Syntax IP::ttl Example: when CLIENT_ACCEPTED { if { [IP::ttl] < 3 } { drop } } P e r f o r m a n c e D e s i g n Document No.aFleX Scripting Language . Note: This command replaces the ip_tos command. Example: when CLIENT_ACCEPTED { if { [IP::tos] == 16 } { pool telnet_pool } else { pool slow_pool } } Related Information Valid Events: CLIENT_ACCEPTED IP::ttl Returns the TTL of the current packet being acted upon. As traffic enters the site.: D-030-01-00-0007 . Syntax IP::tos Selects a different pool of servers based on the ToS level within a packet. the AX device can apply a rule that sends the traffic to different pools of servers based on the ToS level within a packet. IP::version Related Information Valid Events: CLIENT_ACCEPTED IP::version Returns the version of the current packet being acted upon.0 6/21/2010 . 2. Syntax SIP::call_id Example: See “SIP Command Examples” on page 139. Related Information Valid Events: SIP_REQUEST. Syntax IP::version Example: when CLIENT_ACCEPTED { if {[IP::version] eq 6} { pool ipv6_pool } else { pool ipv4_pool } } Related Information Valid Events: CLIENT_ACCEPTED SIP Commands SIP::call_id Returns the value of the Call-ID header in a SIP request. SIP_RESPONSE 134 of 166 P e r f o r m a n c e b y D e s i g n Document No.aFleX Scripting Language . SIP_REQUEST_SEND.AX Series .aFleX Engine Ver.Reference SIP Commands .: D-030-01-00-0007 . Without the <index> option. in cases where there are multiple header levels. 2.SIP::from SIP::from Returns the value of the “From” header in a SIP request. Syntax SIP::header insert “header-name” “header-value” <index> P e r f o r m a n c e D e s i g n Document No.aFleX Engine Ver. SIP_RESPONSE SIP::header Returns SIP header “header-name”. SIP_REQUEST_SEND.aFleX Scripting Language .Reference SIP Commands . SIP_REQUEST_SEND. Syntax SIP::from Example: See “SIP Command Examples” on page 139. Example: See “SIP Command Examples” on page 139.AX Series . The <index> option indicates the header to act upon.0 6/21/2010 b y 135 of 166 . the first instance of the header is acted upon by the aFleX policy. SIP_RESPONSE SIP::header insert Inserts the specified SIP header-name:header-value pair at position <index>. Related Information Valid Events: SIP_REQUEST. Syntax SIP::header [<value>] “header-name” [<index>] The <value> option specifies the header value. Related Information Valid Events: SIP_REQUEST.: D-030-01-00-0007 . Syntax SIP::respond code <"phrase" <"header-name" "header-value">> Example: See “SIP Command Examples” on page 139. phrase. Related Information Valid Events: SIP_REQUEST. Example: See “SIP Command Examples” on page 139.: D-030-01-00-0007 . Syntax SIP::method Example: See “SIP Command Examples” on page 139.0 6/21/2010 . SIP_REQUEST_SEND. SIP_REQUEST_SEND. and headername:header-value pair.Reference SIP Commands . SIP_RESPONSE 136 of 166 P e r f o r m a n c e b y D e s i g n Document No.aFleX Scripting Language . SIP_REQUEST_SEND. SIP_RESPONSE SIP::respond Sends back a response with the specified code.AX Series .aFleX Engine Ver. Related Information Valid Events: SIP_REQUEST. 2. and others are inserted at the tail. SIP_RESPONSE SIP::method Returns the type of the SIP request method. Related Information Valid Events: SIP_REQUEST. a “via” header is inserted at the head of the SIP headers.SIP::method If you do not specify the <index>. If no such header exists. the header is inserted prior to any preexisting header of the same name and value. SIP_REQUEST_SEND.aFleX Scripting Language . Syntax SIP::uri P e r f o r m a n c e D e s i g n Document No. Syntax SIP::response code Gets the SIP response code.0 6/21/2010 b y 137 of 166 . 2. SIP_RESPONSE SIP::to Returns the value of the “To” header in the SIP request. Related Information Valid Events: SIP_REQUEST.: D-030-01-00-0007 . Syntax SIP::to Example: See “SIP Command Examples” on page 139.SIP::response SIP::response Gets the SIP response code or response phrase. Related Information Valid Events: SIP_REQUEST. Example: See “SIP Command Examples” on page 139.aFleX Engine Ver.Reference SIP Commands . SIP_RESPONSE SIP::uri Returns the complete URI of the request. if specified.AX Series . if specified. SIP::response rewrite code <phrase> Rewrites the response code and phrase. SIP_REQUEST_SEND. or rewrites the response code and phrase. SIP::response phrase Gets the response phrase. only the information at the specified index level is returned. SIP::via received [<index>] Gets the retrieved attribute of the SIP via at the specified index level. Syntax SIP::via [<index>] Gets the information in the SIP “via” header.0 6/21/2010 .aFleX Scripting Language . only the information at the specified index level is returned. only the information at the specified index level is returned. If you specify the <index>. SIP::via ttl [<index>] 138 of 166 P e r f o r m a n c e b y D e s i g n Document No. SIP_REQUEST_SEND. SIP::via maddr [<index>] Gets the maccadr attribute of the SIP via at the specified index level.aFleX Engine Ver. SIP::via sent_by [<index>] Gets the sent_by part of the SIP via at the specified index level. SIP_RESPONSE SIP::via Gets SIP “via” information. Related Information Valid Events: SIP_REQUEST. If you specify the <index>. 2. If you specify the <index>. If you specify the <index>.: D-030-01-00-0007 . SIP::via branch [<index>] Gets the branch attribute of the SIP via at the specified index level.AX Series . only the information at the specified index level is returned.Reference SIP Commands . only the information at the specified index level is returned.SIP::via Example: See “SIP Command Examples” on page 139. If you specify the <index>. SIP::via proto [<index>] Gets the protocol part of the SIP via at the specified index level. Reference SIP Commands . 2.SIP Command Examples Gets the TTL attribute of the SIP via at the specified index level. If you specify the <index>. Related Information Valid Events: SIP_REQUEST.aFleX Engine Ver.0 6/21/2010 b y 139 of 166 . SIP_RESPONSE SIP Command Examples Example 1: when SIP_REQUEST { if { [SIP::method] contains "SUBSCRIBE" } { log "***************** SIP-REQUEST *******************" log "SIP::call_id is [SIP::call_id]" log "---------------------------------------------------" log "SIP::from is [SIP::from]" log "---------------------------------------------------" log "SIP::header Via [SIP::header Via]" log "SIP::header Via value index0 [SIP::header value Via 0]" log "SIP::header Via index9 [SIP::header Via 9]" log "SIP::header From [SIP::header From]" log "SIP::header value From index0 [SIP::header value From 0]" log "SIP::header From index9 <not exist> [SIP::header From 9]" log "SIP::header To [SIP::header To]" log "SIP::header To index0 [SIP::header To 0]" log "SIP::header value To index9 <not exist> [SIP::header value To 9]" log "SIP::header Call-ID [SIP::header Call-ID]" log "SIP::header value Call-ID index0 [SIP::header value Call-ID 0]" log "SIP::header value Call-ID index9 <not exist> [SIP::header value CallID 9]" log "SIP::header CSeq [SIP::header CSeq]" log "SIP::header CSeq value index0 [SIP::header value CSeq 0]" log "SIP::header CSeq index9 <not exist> [SIP::header CSeq 9]" log "SIP::header Contact [SIP::header Contact]" P e r f o r m a n c e D e s i g n Document No.: D-030-01-00-0007 . Example: See “SIP Command Examples” on page 139. SIP_REQUEST_SEND.aFleX Scripting Language . only the information at the specified index level is returned.AX Series . com:5070.maddr=3ffe:501:ffff:50::51.1.SIP Command Examples log "SIP::header value Contact index0 [SIP::header value Contact 0]" log "SIP::header Contact index9 <not exist> [SIP::header Contact 9]" log "SIP::header Max-Forwards [SIP::header Max-Forwards]" log "SIP::header Event [SIP::header Event]" log "SIP::header User-Agent [SIP::header User-Agent]" log "SIP::header Expires [SIP::header Expires]" log "SIP::header Allow [SIP::header Allow]" log "SIP::header Accept [SIP::header Accept]" log "SIP::header Content-length [SIP::header Content-length]" log "SIP::header abc <not valid header> [SIP::header abc]" log "---------------------------------------------------" SIP::header remove Via log "SIP::header remove Via [SIP::header Via]" SIP::header remove From log "SIP::header remove From [SIP::header From]" log "---------------------------------------------------" log "SIP::header Via 0 (request) [SIP::header Via 0]" log "SIP::response code [SIP::response code]" SIP::header insert Via "SIP/10.0/UDP ss.under.branch=z9hG4bK721e418c 4.aFleX Engine Ver.0/UDP ss.217:5060.test. 2.1.rport.Reference SIP Commands .1" 10 SIP::header insert event "SIP/2.0 6/21/2010 .received=3ffe:501:ffff:50::50" 1 # log "Event 0 is [SIP::header event]" SIP::header insert From "<sip:
[email protected]=z9hG4bk11229103" log "SIP::header insert Via [SIP::header Via]" log "SIP::header From(2) [SIP::header From]" 140 of 166 P e r f o r m a n c e b y D e s i g n Document No.branch=z9hG4bK721e418c 4.0/UDP 171.1.com>.aFleX Scripting Language .test.AX Series .under.ttl=1.ttl=1.: D-030-01-00-0007 .com:5070.maddr=3ffe:501:ffff:50::51.tag=1043119751" log "SIP::header insert From index1 [SIP::header From]" log "SIP::header From [SIP::header From]" SIP::header insert Via "SIP/2. Reference SIP Commands .AX Series .aFleX Engine Ver.aFleX Scripting Language .: D-030-01-00-0007 . 2.SIP Command Examples log "SIP::header insert xyz index9 [SIP::header insert xyz "x y z" 9]" log "---------------------------------------------------" log "SIP::method [SIP::method]" log "---------------------------------------------------" SIP::respond 401 "no way" From "future" log "---------------------------------------------------" log "SIP::response [SIP::response code]" log "SIP::response phase [SIP::response phrase]" SIP::response rewrite 402 "no xxx" log "SIP::response rewrite code phrase [SIP::response code]" log "---------------------------------------------------" log "SIP::to [SIP::to]" log "---------------------------------------------------" log "SIP::uri [SIP::uri]" log "---------------------------------------------------" log "SIP::via [SIP::via]" log "SIP::via index0 [SIP::via 0]" log "SIP::via index9 [SIP::via 9]" log "SIP::via proto [SIP::via proto]" log "SIP::via proto index0 [SIP::via proto 0]" log "SIP::via proto index9 [SIP::via proto 9]" log "SIP::via sent_by [SIP::via sent_by]" log "SIP::via sent_by index0 [SIP::via sent_by 0]" log "SIP::via sent_by index9 [SIP::via sent_by 9]" log "SIP::via received [SIP::via received]" log "SIP::via received index0 [SIP::via received 0]" log "SIP::via received index9 [SIP::via received 9]" log "SIP::via branch [SIP::via branch]" log "SIP::via branch index0 [SIP::via branch 0]" log "SIP::via branch index9 [SIP::via branch 9]" log "SIP::via maddr [SIP::via maddr]" log "SIP::via maddr index0 [SIP::via maddr 0]" log "SIP::via maddr index9 [SIP::via maddr 9]" log "SIP::via ttl [SIP::via ttl]" log "SIP::via ttl index0 [SIP::via ttl 0]" log "SIP::via ttl index9 [SIP::via ttl 9]" } } P e r f o r m a n c e D e s i g n Document No.0 6/21/2010 b y 141 of 166 . 2.aFleX Engine Ver.Reference SIP Commands .AX Series .SIP Command Examples Example 2: when SIP_RESPONSE { if { [SIP::response code] equals "401" } { SIP::response rewrite 411 Phrase_Unauthorized log "SIP::response code [SIP::response code]" log "SIP::response phrase [SIP::response phrase]"} if { [SIP::response code] equals "501" } { SIP::response rewrite 511 Phrase_Not_Implemented log "SIP::response code [SIP::response code]" log "SIP::response phrase [SIP::response phrase]"} if { [SIP::response code] equals "200" } { SIP::response rewrite 210 okok log "SIP::response code [SIP::response code]" log "SIP::response phrase [SIP::response phrase]"} } Example 3: when SIP_REQUEST_SEND { if { [SIP::method] contains "SUBSCRIBE" } { log "***************** SIP-REQUEST-SEND *******************" log "SIP::header Via 1 (request_sent) [SIP::header Via 1]" log "SIP::call_id is [SIP::call_id]" log "---------------------------------------------------" log "SIP::from is [SIP::from]" log "---------------------------------------------------" log "SIP::header Via [SIP::header Via]" log "SIP::header Via value index0 [SIP::header value Via 0]" log "SIP::header Via index9 [SIP::header Via 9]" log "SIP::header From [SIP::header From]" log "SIP::header value From index0 [SIP::header value From 0]" log "SIP::header From index9 <not exist> [SIP::header From 9]" log "SIP::header To [SIP::header To]" log "SIP::header To index0 [SIP::header To 0]" 142 of 166 P e r f o r m a n c e b y D e s i g n Document No.: D-030-01-00-0007 .0 6/21/2010 .aFleX Scripting Language . 1.0/UDP 171.SIP Command Examples log "SIP::header value To index9 <not exist> [SIP::header value To 9]" log "SIP::header Call-ID [SIP::header Call-ID]" log "SIP::header value Call-ID index0 [SIP::header value Call-ID 0]" log "SIP::header value Call-ID index9 <not exist> [SIP::header value CallID 9]" log "SIP::header CSeq [SIP::header CSeq]" log "SIP::header CSeq value index0 [SIP::header value CSeq 0]" log "SIP::header CSeq index9 <not exist> [SIP::header CSeq 9]" log "SIP::header Contact [SIP::header Contact]" log "SIP::header value Contact index0 [SIP::header value Contact 0]" log "SIP::header Contact index9 <not exist> [SIP::header Contact 9]" log "SIP::header Max-Forwards [SIP::header Max-Forwards]" log "SIP::header Event [SIP::header Event]" log "SIP::header User-Agent [SIP::header User-Agent]" log "SIP::header Expires [SIP::header Expires]" log "SIP::header Allow [SIP::header Allow]" log "SIP::header Accept [SIP::header Accept]" log "SIP::header Content-length [SIP::header Content-length]" log "SIP::header abc <not valid header> [SIP::header abc]" log "---------------------------------------------------" SIP::header remove Via log "SIP::header remove Via [SIP::header Via]" SIP::header remove From log "SIP::header remove From [SIP::header From]" SIP::header remove From log "SIP::header remove From [SIP::header From]" SIP::header remove abc log "SIP::header remove index To [SIP::header abc]" log "---------------------------------------------------" SIP::header insert From "<sip:
[email protected] 6/21/2010 b y 143 of 166 . 2.com>.rport.tag=1043119751" log "SIP::header insert From index1 [SIP::header From]" log "SIP::header From [SIP::header From]" SIP::header insert Via "SIP/2.: D-030-01-00-0007 .AX Series .branch=z9hG4bk11229103" P e r f o r m a n c e D e s i g n Document No.217:5060.aFleX Engine Ver.Reference SIP Commands .aFleX Scripting Language .1. AX Series .Reference SIP Commands .aFleX Engine Ver. 2.aFleX Scripting Language .SIP Command Examples log "SIP::header insert Via [SIP::header Via]" log "SIP::header From(2) [SIP::header From]" log "SIP::header insert xyz index9 [SIP::header insert xyz "x y z" 9]" log "---------------------------------------------------" log "SIP::method [SIP::method]" log "---------------------------------------------------" SIP::respond 401 "no way" From "future" log "---------------------------------------------------" log "SIP::response [SIP::response code]" log "SIP::response phase [SIP::response phrase]" SIP::response rewrite 402 "no xxx" log "SIP::response rewrite code phrase [SIP::response code]" log "---------------------------------------------------" log "SIP::to [SIP::to]" log "---------------------------------------------------" log "SIP::uri [SIP::uri]" log "---------------------------------------------------" log "SIP::via [SIP::via]" log "SIP::via index0 [SIP::via 0]" log "SIP::via index9 [SIP::via 9]" log "SIP::via proto [SIP::via proto]" log "SIP::via proto index0 [SIP::via proto 0]" log "SIP::via proto index9 [SIP::via proto 9]" log "SIP::via sent_by [SIP::via sent_by]" log "SIP::via sent_by index0 [SIP::via sent_by 0]" log "SIP::via sent_by index9 [SIP::via sent_by 9]" log "SIP::via received [SIP::via received]" log "SIP::via received index0 [SIP::via received 0]" log "SIP::via received index9 [SIP::via received 9]" log "SIP::via branch [SIP::via branch]" log "SIP::via branch index0 [SIP::via branch 0]" log "SIP::via branch index9 [SIP::via branch 9]" log "SIP::via maddr [SIP::via maddr]" log "SIP::via maddr index0 [SIP::via maddr 0]" log "SIP::via maddr index9 [SIP::via maddr 9]" log "SIP::via ttl [SIP::via ttl]" log "SIP::via ttl index0 [SIP::via ttl 0]" log "SIP::via ttl index9 [SIP::via ttl 9]" } } 144 of 166 P e r f o r m a n c e b y D e s i g n Document No.0 6/21/2010 .: D-030-01-00-0007 . Reference Policy-Based SLB Commands .: D-030-01-00-0007 . Syntax SSL::cert <level> P e r f o r m a n c e D e s i g n Document No.aFleX Scripting Language . the AX device looks in the specified list. the AX device looks in the black/white list that is bound to the same virtual port to which the aFleX policy is bound.POLICY::bwlist id Policy-Based SLB Commands POLICY::bwlist id Returns the group ID associated with an IP address in a black/white list. If you specify a list name. Syntax POLICY::bwlist id <ip> [<bwlist_name>] Specifying a black/white list name is optional. Example: when HTTP_REQUEST { set client_addr [IP::client_addr] set group_id [ POLICY::bwlist id $client_addr ] set bwfile_group_id [ POLICY::bwlist id $client_addr bwfile ] if { $group_id equals 10 } { pool sg1 } elseif { $bwfile_group_id equals 20 } { pool sg2 } else { reject } } Related Information Valid Events: All SSL and X509 Commands SSL::cert Returns the SSL certificate with the specified level in the certificate chain. 2.AX Series .aFleX Engine Ver. If you do not specify a list name. The level is 0-based.0 6/21/2010 b y 145 of 166 . Syntax SSL::cert count Example: See the example for “SSL::cert” on page 145.Reference SSL and X509 Commands .aFleX Engine Ver.aFleX Scripting Language . HTTP_RESPONSE_DATA. HTTP_REQUEST_SEND. P e r f o r m a n c e b y D e s i g n 146 of 166 Document No. Related Information Valid Events: See “SSL::cert” on page 145. HTTP_RESPONSE_CONTINUE SSL::cert count Returns the number of certificates in the certificate chain.: D-030-01-00-0007 . 2. CLIENTSSL_HANDSHAKE. SSL::cert issuer Returns the issuer of the certificate with the specified level.0 6/21/2010 . HTTP_REQUEST_DATA.SSL::cert count Example: when CLIENTSSL_CLIENTCERT { set cert [SSL::cert 0] session add ssl [SSL::sessionid] $cert } when HTTP_REQUEST { if { [SSL::cert count] > 5 } { set issuer [SSL::cert issuer 2] log "issuer $issuer" } else { SSL::cert mode request } } Related Information Valid Events CLIENTSSL_CLIENTCERT. HTTP_RESPONSE. Syntax SSL::cert issuer <index> Example: See the example for “SSL::cert” on page 145.AX Series . HTTP_REQUEST. Syntax SSL::cert mode <”request” | “require” | “ignore” | “auto”> Example: See the example for “SSL::cert” on page 145. SSL::cert mode Sets the certificate mode. 2.Reference SSL and X509 Commands . Syntax SSL::sessionid Note: Example: when CLIENTSSL_HANDSHAKE { set cert [SSL::cert 0] session add ssl [SSL::sessionid] $cert 300 } Only the client side is supported. This setting overrides the mode setting in the template.aFleX Scripting Language . Related Information Valid Events: See “SSL::cert” on page 145. HTTP_REQUEST_DATA.: D-030-01-00-0007 .SSL::cert mode Related Information Valid Events: See “SSL::cert” on page 145.aFleX Engine Ver. HTTP_RESPONSE_CONTINUE P e r f o r m a n c e D e s i g n Document No.AX Series . Related Information Valid Events CLIENTSSL_CLIENTCERT. CLIENTSSL_HANDSHAKE. HTTP_RESPONSE. HTTP_REQUEST. HTTP_RESPONSE_DATA.0 6/21/2010 b y 147 of 166 . SSL::sessionid Returns the current SSL session ID. HTTP_REQUEST_SEND. returns the result code of the peer certification verification.SSL::verify_result SSL::verify_result If <result_code> is not specified. HTTP_RESPONSE.0 6/21/2010 . CLIENTSSL_HANDSHAKE. HTTP_REQUEST.: D-030-01-00-0007 . HTTP_RESPONSE. HTTP_RESPONSE_CONTINUE P e r f o r m a n c e b y D e s i g n 148 of 166 Document No. sets the result code of the peer certification verification. HTTP_REQUEST_DATA.AX Series . HTTP_REQUEST.aFleX Engine Ver. HTTP_REQUEST_DATA.aFleX Scripting Language . HTTP_REQUEST_SEND. If <result_code> is specified. 2. HTTP_REQUEST_SEND. HTTP_RESPONSE_DATA. HTTP_RESPONSE_DATA. Syntax SSL::verify_result [<result_code>] Example: when CLIENTSSL_HANDSHAKE { set result [ X509::verify_cert_error_string [SSL::verify_result]] log "Result is $result" } Related Information Valid Events CLIENTSSL_CLIENTCERT.509 certificate. Syntax X509::issuer Example: when CLIENTSSL_HANDSHAKE { set issuer [X509::issuer [SSL::cert 0]] log "Issuer: $issuer" } Related Information Valid Events: CLIENTSSL_CLIENTCERT. HTTP_RESPONSE_CONTINUE X509::issuer Returns the issuer of the X.Reference SSL and X509 Commands . CLIENTSSL_HANDSHAKE. HTTP_REQUEST_DATA. HTTP_REQUEST_SEND. HTTP_RESPONSE. HTTP_RESPONSE.X509::not_valid_after X509::not_valid_after Returns the not-valid-after date of an X. HTTP_RESPONSE_CONTINUE P e r f o r m a n c e D e s i g n Document No. Syntax X509::not_valid_after Example: when CLIENTSSL_HANDSHAKE { set not_valid_after [X509::not_valid_after [SSL::cert 0]] log "Not Valid After: $not_valid_after" } Related Information Valid Events: CLIENTSSL_CLIENTCERT. CLIENTSSL_HANDSHAKE.aFleX Engine Ver.509 certificate. CLIENTSSL_HANDSHAKE. HTTP_REQUEST_SEND. HTTP_REQUEST.509 certificate. HTTP_RESPONSE_DATA.Reference SSL and X509 Commands . 2.AX Series . HTTP_RESPONSE_CONTINUE X509::not_valid_before Returns the not-valid-before date of an X. HTTP_REQUEST. HTTP_REQUEST_DATA.: D-030-01-00-0007 .aFleX Scripting Language . Syntax X509::not_valid_before Example: when CLIENTSSL_HANDSHAKE { set not_valid_before [X509::not_valid_before [SSL::cert 0]] log "Not Valid Before: $not_valid_before" } Related Information Valid Events: CLIENTSSL_CLIENTCERT. HTTP_RESPONSE_DATA.0 6/21/2010 b y 149 of 166 . 509 certificate. HTTP_REQUEST. CLIENTSSL_HANDSHAKE. HTTP_RESPONSE_DATA. 2.0 6/21/2010 . HTTP_REQUEST_SEND. HTTP_RESPONSE_CONTINUE X509::subject Returns the subject of an X.aFleX Engine Ver. HTTP_RESPONSE. HTTP_REQUEST.X509::serial_number X509::serial_number Returns the serial number of an X.aFleX Scripting Language .: D-030-01-00-0007 .Reference SSL and X509 Commands . Syntax X509::serial_number Example: when CLIENTSSL_HANDSHAKE { set serial_number [X509::serial_number [SSL::cert 0]] log "Serial Number: $serial_number" } Related Information Valid Events: CLIENTSSL_CLIENTCERT. HTTP_RESPONSE_DATA.AX Series . HTTP_RESPONSE_CONTINUE 150 of 166 P e r f o r m a n c e b y D e s i g n Document No.509 certificate. CLIENTSSL_HANDSHAKE. Syntax SSL::verify_result [<result_code>] Example: when CLIENTSSL_HANDSHAKE { set subject [X509::subject [SSL::cert 0]] log "subject $subject" } Related Information Valid Events CLIENTSSL_CLIENTCERT. HTTP_REQUEST_SEND. HTTP_REQUEST_DATA. HTTP_REQUEST_DATA. HTTP_RESPONSE. HTTP_RESPONSE_DATA. CLIENTSSL_HANDSHAKE. HTTP_RESPONSE_DATA. HTTP_REQUEST_SEND. HTTP_RESPONSE_CONTINUE P e r f o r m a n c e D e s i g n Document No. Syntax X509::verify_cert_error_string <error_code> Example: when CLIENTSSL_HANDSHAKE { set result [X509::verify_cert_error_string [SSL::verify_result]] log "result $result" } Related Information Valid Events CLIENTSSL_CLIENTCERT.509 error string.aFleX Engine Ver.aFleX Scripting Language . HTTP_REQUEST. HTTP_RESPONSE. 2.Reference SSL and X509 Commands . HTTP_REQUEST_SEND. HTTP_RESPONSE.X509::verify_cert_error_string X509::verify_cert_error_string Returns the error string as an OpenSSL X.: D-030-01-00-0007 . HTTP_REQUEST_DATA. HTTP_REQUEST. CLIENTSSL_HANDSHAKE. HTTP_REQUEST_DATA.0 6/21/2010 b y 151 of 166 .509 certificate.AX Series . Syntax X509::version Example: when CLIENTSSL_HANDSHAKE { set version [X509::version [SSL::cert 0]] log "Version Number: $version" } Related Information Valid Events: CLIENTSSL_CLIENTCERT. HTTP_RESPONSE_CONTINUE X509::version Returns the version number of an X. aFleX Scripting Language .: D-030-01-00-0007 . use the following command: STATS::clear server <server-name | ipaddr> [<port-num> <tcp | udp>] current-connection | total-connection | request-pkt | response-pkt [partition shared] Syntax – Clear Virtual Server Statistics: To clear statistics for a virtual server.Reference STATS Commands . virtual server. or service group (pool).AX Series .aFleX Engine Ver.0 6/21/2010 . 2. use the following command: STATS::clear pool <pool-name> [member <ipaddr> <port-num>] current-connection | total-connection | request-pkt | response-pkt [partition shared] Valid Events: All events Example: when HTTP_REQUEST { STATS::clear server rs-server-2 80 tcp total-connection STATS::clear virtual-server vip-1 80 http total-connection STATS::clear pool sg-tcp80 total-connection } 152 of 166 P e r f o r m a n c e b y D e s i g n Document No. use the following command: STATS::clear virtual-server <vip-name| vipaddr> [<port-num> <service-type>] current-connection | total-connection | request-pkt | response-pkt [partition shared] Syntax – Clear Service Group Statistics: To clear statistics for a service group.STATS::clear STATS Commands STATS::clear Clears statistics for a real server (node). Syntax – Clear Real Server Statistics: To clear statistics for a real server. aFleX Scripting Language . virtual server. By default.STATS::get STATS::get Retrieves statistics for a real server (node). By default.: D-030-01-00-0007 .aFleX Engine Ver. statistics for all the server’s real ports are returned.AX Series . Syntax – Get Virtual Server Statistics: To retrieve statistics from a virtual server. 2. Optionally. use the following command: STATS::get server <server-name | ipaddr> [<port-num> <tcp | udp>] current-connection | total-connection | request-pkt | response-pkt [partition shared] You can specify the server by its name or IP address (<server-name> or <ipaddr>). To specify the types of statistics to return. you can specify an individual port by its port number (0-65535) and Layer 4 protocol (tcp or udp). use the following command: STATS::get virtual-server <vip-name| vipaddr> [<port-num> <service-type>] current-connection | total-connection | request-pkt | response-pkt [partition shared] You can specify the virtual server by its name or VIP address (<vip-name> or <vipaddr>). use one of the following options: • current-connection • total-connection • request-pkt • response-pkt The shared partition option applies the command to real servers in the shared partition. Syntax – Get Real Server Statistics: To retrieve statistics from a real server.Reference STATS Commands . P e r f o r m a n c e D e s i g n Document No. the STATS::get command acts only upon the real servers located in the Role-Based Administration (RBA) partition that contains the aFleX policy. or service group (pool).0 6/21/2010 b y 153 of 166 . statistics for all the service group’s members are returned. statistics for all the virtual server’s ports are returned.10. By default.10.AX Series . The other options are the same as those for real servers. udp.10. https.STATS::get Optionally.10. you can specify an individual port by its port number (0-65535) and service type (tcp.10.10 80 For another example.: D-030-01-00-0007 . By default.aFleX Engine Ver. you can specify an individual member (server and port) by the real server IP address and protocol port number.10.10. The other options are the same as those for real servers and virtual servers. Valid Events: All events Example: The following policy will select a real server based on the current connection counter: when CLIENT_ACCEPTED { set total1 [STATS::get server 10. Optionally.10.10 current-connection] set total2 [STATS::get server 10. Syntax – Get Service Group Statistics: STATS::get pool <pool-name> [member <ipaddr> <port-num>] current-connection | total-connection | request-pkt | response-pkt [partition shared] Specify the service group by its name (pool-name). http.0 6/21/2010 . see Example 3 in “LB::reselect” on page 106. 154 of 166 P e r f o r m a n c e b y D e s i g n Document No.20 80 } else } } { node 10. and so on).aFleX Scripting Language .Reference STATS Commands .20 current-connection] if { $total1 > $total2 } { node 10. 2. Syntax TCP::client_port Example: when CLIENT_ACCEPTED { if { [TCP::client_port] > 1000 } { pool slow_pool } else { pool fast_pool } } Related Information Valid Events: ALL TCP::close Closes the TCP connection. Syntax TCP::close Example: when CLIENT_ACCEPTED { TCP::collect } when CLIENT_DATA { if {[TCP::payload] contains "abc"} { pool abc_pool TCP::release } else { TCP::close } } P e r f o r m a n c e D e s i g n Document No.0 6/21/2010 b y 155 of 166 .TCP::client_port TCP Commands TCP::client_port Returns the TCP port/service number of the specified client.aFleX Engine Ver.Reference TCP Commands .aFleX Scripting Language . 2.AX Series .: D-030-01-00-0007 . This command is equivalent to the command clientside { TCP::remote_port } and to client_port. Example: when CLIENT_ACCEPTED { TCP::collect 15 } when CLIENT_DATA { if { [TCP::payload 15] contains "XYZ" } { pool xyz_servers } else { pool web_servers } } Related Information Valid Events: CLIENT_ACCEPTED TCP::local_port Returns the local TCP port/service number.Reference TCP Commands .0 6/21/2010 .aFleX Scripting Language .: D-030-01-00-0007 .AX Series . Syntax TCP::local_port 156 of 166 P e r f o r m a n c e b y D e s i g n Document No. 2.aFleX Engine Ver.TCP::collect TCP::collect Causes TCP to start collecting the specified amount of content data. Syntax TCP::collect <length> The <length> parameter specifies the minimum number of bytes to collect. This command is equivalent to the variable local_port. TCP::mss Example: when CLIENT_ACCEPTED { if {[IP::protocol] == 47 || [TCP::local_port] == 1723} { # GRE used by MS PPTP server.: D-030-01-00-0007 .Reference TCP Commands .aFleX Scripting Language .0 6/21/2010 b y 157 of 166 . TCP control channel pool ms_pptp } elseif {[IP::protocol] == 50 || [IP::protocol] == 51 || [UDP::local_port] == 500} { # AH and ESP used by IPSec. Syntax TCP::mss Example: when CLIENT_ACCEPTED { log "MSS is [TCP::mss]" } TCP::offset Returns the position in the TCP data stream in which the collected TCP data starts. 2. IKE used by IPSec pool ipsec_pool } elseif {[IP::protocol] == 115} { pool l2tp_pool # L2TP Protocol server } } TCP::mss Returns the on-wire Maximum Segment Size (MSS) for a TCP connection. Syntax TCP::offset Example: when CLIENT_ACCEPTED { TCP::collect } when CLIENT_DATA { if {[TCP::offset] > 1000} { TCP::release } } P e r f o r m a n c e D e s i g n Document No.aFleX Engine Ver.AX Series . TCP::payload length Returns the amount of accumulated TCP data content in bytes. Syntax TCP::release 158 of 166 P e r f o r m a n c e b y D e s i g n Document No.TCP::payload TCP::payload Returns the accumulated TCP data content. Example: when CLIENT_ACCEPTED { TCP::collect } when CLIENT_DATA { if { [TCP::payload] contains "flower" } { pool http-sg2 } else { pool http-sg3 } } Related Information Valid Events CLIENT_DATA. or replaces collected payload with the specified data.aFleX Engine Ver.Reference TCP Commands . TCP::payload <offset> <size> Returns the accumulated TCP data content start from <offset>. 2. SERVER_DATA TCP::release Causes TCP to resume processing the connection and flush collected data.AX Series .0 6/21/2010 . Syntax TCP::payload [<size>] TCP::payload <offset> <size> TCP::payload length TCP::payload [<size>] Returns the accumulated TCP data content.aFleX Scripting Language .: D-030-01-00-0007 . 0 6/21/2010 b y 159 of 166 .: D-030-01-00-0007 .x variable server_port.TCP::remote_port Example: when CLIENT_ACCEPTED { TCP::collect 1500 } when CLIENT_DATA { if {[TCP::offset] > 1000} { TCP::release } } TCP::remote_port Returns the remote TCP port/service number.aFleX Engine Ver. When used with the serverside command (that is. This command is equivalent to the command serverside { TCP::remote_port } and to the BIG-IP 4. the TCP::remote_port command is equivalent to the TCP::server_port command. 2.AX Series .Reference TCP Commands . Syntax TCP::remote_port Example: when SERVER_CONNECTED { log "server TCP port = [TCP::remote_port]" } TCP::server_port Returns the TCP port/service number of the specified server. clientside TCP::remote_port). Note: This command replaces the remote_port command.aFleX Scripting Language . the TCP::remote_port command is equivalent to the TCP::client_port command. When used with the clientside command (that is. serverside TCP::remote_port). Syntax TCP::server_port P e r f o r m a n c e D e s i g n Document No. Syntax use <object> <object_name> Example: when HTTP_REQUEST { if { [HTTP::uri] contains "aol" } { use pool aol_pool } else { use pool all_pool } } 160 of 166 P e r f o r m a n c e b y D e s i g n Document No. A10 Networks recommends using the commands node and pool directly.Reference TIME Commands . 2.: D-030-01-00-0007 .AX Series .aFleX Scripting Language . Syntax TIME::clock [seconds | milliseconds] Example: when CLIENT_ACCEPTED { set curtime [TIME::clock seconds] set formattedtime [clock format $curtime -format {%H:%S} ] log "the time is: $formattedtime" } use This command is provided for backwards compatibility.0 6/21/2010 . and pool.TIME::clock Example: when SERVER_CONNECTED { if { [TCP::server_port] > 1000 } { pool slow_pool } else { pool fast_pool } } TIME Commands TIME::clock Return the system time.aFleX Engine Ver. The use statement must be paired with certain commands such as node. However. in seconds or milliseconds. 2. Syntax UDP::local_port P e r f o r m a n c e D e s i g n Document No. SERVER_CLOSED.: D-030-01-00-0007 .aFleX Scripting Language . CLIENT_CLOSED. SERVER_DATA UDP::local_port Returns the local UDP port/service number.0 6/21/2010 b y 161 of 166 .AX Series .Reference UDP Commands . SERVER_CONNECTED.UDP::client_port Related Information Valid Events: ALL UDP Commands UDP::client_port Returns the UDP port/service number of the client system.aFleX Engine Ver. CLIENT_DATA. Syntax UDP::client_port Example: when CLIENT_ACCEPTED { if { [UDP::client_port] equals 80 } { pool pool-80 } } Related Information Valid Events CLIENT_ACCEPTED. This command is equivalent to the command clientside { UDP::remote_port }. SERVER_CLOSED. CLIENT_DATA. CLIENT_CLOSED. Syntax UDP::mss Example: when CLIENT_ACCEPTED { log "MSS is [UDP::mss]" } Related Information Valid Events CLIENT_ACCEPTED. SERVER_CONNECTED.AX Series . SERVER_DATA UDP::mss Returns the on-wire Maximum Segment Size (MSS) for a UDP connection. CLIENT_CLOSED. SERVER_CONNECTED. 2.Reference UDP Commands . SERVER_DATA 162 of 166 P e r f o r m a n c e b y D e s i g n Document No. CLIENT_DATA.aFleX Engine Ver. SERVER_CLOSED.: D-030-01-00-0007 .UDP::mss Example: when CLIENT_ACCEPTED { if {[IP::protocol] == 47 || [TCP::local_port] == 1723} { # GRE used by MS PPTP server. TCP control channel pool ms_pptp } elseif {[IP::protocol] == 50 || [IP::protocol] == 51 || [UDP::local_port] == 500} { # AH and ESP used by IPSec.aFleX Scripting Language . IKE used by IPSec pool ipsec_pool } elseif {[IP::protocol] == 115} { pool l2tp_pool # L2TP Protocol server } } Related Information Valid Events CLIENT_ACCEPTED.0 6/21/2010 . CLIENT_CLOSED.aFleX Scripting Language .UDP::payload UDP::payload Returns the content or length of the current UDP payload.Reference UDP Commands .0 6/21/2010 b y 163 of 166 . Syntax UDP::remote_port P e r f o r m a n c e D e s i g n Document No. Syntax UDP::payload [<size>] UDP::payload length UDP::payload offset size UDP::payload [<size>] Returns the content of the current UDP payload.AX Series . SERVER_CONNECTED.aFleX Engine Ver. CLIENT_DATA. Example: when CLIENT_ACCEPTED { TCP::collect } when CLIENT_DATA { if { [UDP::payload 12 20] contains "a10networks" } { pool dns-sg1 } else { pool dns-sg2 } } Related Information Valid Events CLIENT_ACCEPTED. UDP::payload offset size Returns the content of the current UDP payload from <offset>.: D-030-01-00-0007 . of the current UDP payload. UDP::payload length Returns the length. in bytes. 2. SERVER_CLOSED. SERVER_DATA UDP::remote_port Returns the remote UDP port/service number. Reference UDP Commands . SERVER_CLOSED. SERVER_DATA 164 of 166 P e r f o r m a n c e b y D e s i g n Document No. 2.: D-030-01-00-0007 . CLIENT_DATA. SERVER_CONNECTED. This command is equivalent to the command serverside { UDP::remote_port }.aFleX Engine Ver. CLIENT_CLOSED.AX Series . Syntax UDP::server_port Example: when SERVER_CONNECTED { if { [UDP::server_port] equals 80 } { log "Port 80 was selected" } } Related Information Valid Events CLIENT_ACCEPTED. SERVER_CLOSED.aFleX Scripting Language .UDP::server_port Example: when CLIENT_ACCEPTED { if { [UDP::remote_port] equals 80 } { pool pool-80 } } Related Information Valid Events CLIENT_ACCEPTED. CLIENT_CLOSED. SERVER_DATA UDP::server_port Returns the UDP port/service number of the server. CLIENT_DATA.0 6/21/2010 . SERVER_CONNECTED. P e r f o r m a n c e b y D e s i g n 166 . a10networks.worldwide) Tel: +1-888-822-7210 (support . San Jose.P e r f o r m a n c e b y D e s i g n Corporate Headquarters A10 Networks. CA 95131-1125 USA Tel: +1-408-325-8668 (main) Tel: +1-408-325-8676 (support .com 166 . Inc.toll-free in USA) Fax: +1-408-325-8666 www. 2309 Bering Dr.