
aFleX Scripting Language Reference

A10 Thunder Series™ and AX Series
Document No.: D-030-01-00-0007
aFleX Engine Ver. 2.0 7/2/2013

Note: This edition applies to ACOS 2.7.1.

© 2013 A10 Networks, Inc. - All Rights Reserved

Information in this document is subject to change without notice.
Trademarks
A10 Networks, A10 Thunder, vThunder, the A10 logo, aACI, aCloud, ACOS, aDCS, aDNS, aELB, aFleX, aFlow, aGalaxy,
aPlatform, aUSG, aVCS, aWAF, aXAPI, IDAccess, IDSENTRIE, IP to ID, SmartFlow, SoftAX, Thunder, Unified Service
Gateway, Virtual Chassis, VirtualADC, and VirtualN are trademarks or registered trademarks of A10 Networks, Inc. All
other trademarks are property of their respective owners.

Patents Protection
A10 Networks products including all AX Series products are protected by one or more of the following US patents and patents pending: 20120216266, 20120204236, 20120179770, 20120144015, 20120084419, 20110239289, 20110093522,
20100235880, 20100217819, 20090049537, 20080229418, 20080148357, 20080109887, 20080040789, 20070283429,
20070282855, 20070271598, 20070195792, 20070180101, 8423676, 8387128, 8332925, 8312507, 8291487, 8266235,
8151322, 8079077, 7979585, 7716378, 7675854, 7647635, 7552126

Confidentiality
This document contains confidential materials proprietary to A10 Networks, Inc. This document and information and ideas
herein may not be disclosed, copied, reproduced or distributed to anyone outside A10 Networks, Inc. without prior written
consent of A10 Networks, Inc.

A10 Networks Inc. Software License and End User Agreement
Software for all A10 Networks products contains trade secrets of A10 Networks and its subsidiaries and Customer agrees
to treat Software as confidential information.
Anyone who uses the Software does so only in compliance with the terms of the End User License Agreement (EULA),
provided later in this document or available separately. Customer shall not:
1) reverse engineer, reverse compile, reverse de-assemble or otherwise translate the Software by any means
2) sublicense, rent or lease the Software.

Disclaimer
This document does not create any express or implied warranty about A10 Networks or about its products or services,
including but not limited to fitness for a particular use and non-infringement. A10 Networks has made reasonable efforts to
verify that the information contained herein is accurate, but A10 Networks assumes no responsibility for its use. All information is provided "as-is." The product specifications and features described in this publication are based on the latest
information available; however, specifications are subject to change without notice, and certain features may not be available upon initial product release. Contact A10 Networks for current information regarding its products or services. A10
Networks’ products and services are subject to A10 Networks’ standard terms and conditions.

Environmental Considerations
Some electronic components may possibly contain dangerous substances. For information on specific component types,
please contact the manufacturer of that component. Always consult local authorities for regulations regarding proper disposal of electronic components in your area.

Further Information
For additional information about A10 products, terms and conditions of delivery, and pricing, contact your nearest A10
Networks location, which can be found by visiting www.a10networks.com.

A10 Thunder Series and AX Series – aFleX Reference
End User License Agreement

IMPORTANT: PLEASE READ THIS END USER LICENSE AGREEMENT CAREFULLY. DOWNLOADING, INSTALLING OR USING A10 NETWORKS OR A10
NETWORKS PRODUCTS, OR SUPPLIED SOFTWARE CONSTITUTES ACCEPTANCE OF THIS AGREEMENT.
A10 NETWORKS IS WILLING TO LICENSE THE PRODUCT TO YOU ONLY UPON
THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS CONTAINED IN THIS
LICENSE AGREEMENT. BY DOWNLOADING OR INSTALLING THE SOFTWARE,
OR USING THE EQUIPMENT THAT CONTAINS THIS SOFTWARE, YOU ARE
BINDING YOURSELF AND THE BUSINESS ENTITY THAT YOU REPRESENT
(COLLECTIVELY, "CUSTOMER") TO THIS AGREEMENT. IF YOU DO NOT
AGREE TO ALL OF THE TERMS OF THIS AGREEMENT, THEN A10 NETWORKS
IS UNWILLING TO LICENSE THE SOFTWARE TO YOU AND DO NOT DOWNLOAD, INSTALL OR USE THE PRODUCT.
The following terms of this End User License Agreement ("Agreement") govern Customer's access and use of the Software, except to the extent there is a separate
signed agreement between Customer and A10 Networks governing Customer's use
of the Software.
License. Conditioned upon compliance with the terms and conditions of this Agreement, A10 Networks Inc. or its subsidiary licensing the Software instead of A10 Networks Inc. ("A10 Networks"), grants to Customer a nonexclusive and
nontransferable license to use for Customer's business purposes the Software and
the Documentation for which Customer has paid all required fees. "Documentation"
means written information (whether contained in user or technical manuals, training
materials, specifications or otherwise) specifically pertaining to the product or products and made available by A10 Networks in any manner (including on CD-Rom, or
on-line).
Unless otherwise expressly provided in the Documentation, Customer shall use the
Software solely as embedded in or for execution on A10 Networks equipment owned
or leased by Customer and used for Customer's business purposes.
General Limitations. This is a license, not a transfer of title, to the Software and
Documentation, and A10 Networks retains ownership of all copies of the Software
and Documentation. Customer acknowledges that the Software and Documentation
contain trade secrets of A10 Networks, its suppliers or licensors, including but not
limited to the specific internal design and structure of individual programs and associated interface information. Accordingly, except as otherwise expressly provided
under this Agreement, Customer shall have no right, and Customer specifically
agrees not to:
a. transfer, assign or sublicense its license rights to any other person or entity,
or use the Software on unauthorized or secondhand A10 Networks equipment

b. make error corrections to or otherwise modify or adapt the Software or create derivative works based upon the Software, or permit third parties to do
the same

Customer Driven Innovation
Doc. No.: D-030-01-00-0007 - aFleX 2.0, ACOS 2.7.1 7/2/2013

c. reverse engineer or decompile, decrypt, disassemble or otherwise reduce
the Software to human readable form, except to the extent otherwise
expressly permitted under applicable law notwithstanding this restriction

d. disclose, provide, or otherwise make available trade secrets contained
within the Software and Documentation in any form to any third party without the prior written consent of A10 Networks. Customer shall implement
reasonable security measures to protect such trade secrets.

Software, Upgrades and Additional Products or Copies. For purposes of this
Agreement, "Software" and “Products” shall include (and the terms and conditions of
this Agreement shall apply to) computer programs, including firmware and hardware, as provided to Customer by A10 Networks or an authorized A10 Networks
reseller, and any upgrades, updates, bug fixes or modified versions thereto (collectively, "Upgrades") or backup copies of the Software licensed or provided to Customer by A10 Networks or an authorized A10 Networks reseller.
OTHER PROVISIONS OF THIS AGREEMENT:
a. CUSTOMER HAS NO LICENSE OR RIGHT TO USE ANY ADDITIONAL
COPIES OR UPGRADES UNLESS CUSTOMER, AT THE TIME OF
ACQUIRING SUCH COPY OR UPGRADE, ALREADY HOLDS A VALID
LICENSE TO THE ORIGINAL SOFTWARE AND HAS PAID THE APPLICABLE FEE FOR THE UPGRADE OR ADDITIONAL COPIES

b. USE OF UPGRADES IS LIMITED TO A10 NETWORKS EQUIPMENT FOR
WHICH CUSTOMER IS THE ORIGINAL END USER PURCHASER OR
LESSEE OR WHO OTHERWISE HOLDS A VALID LICENSE TO USE THE
SOFTWARE WHICH IS BEING UPGRADED

c. THE MAKING AND USE OF ADDITIONAL COPIES IS LIMITED TO NECESSARY BACKUP PURPOSES ONLY.

Term and Termination. This Agreement and the license granted herein shall remain
effective until terminated. All confidentiality obligations of Customer and all limitations of liability and disclaimers and restrictions of warranty shall survive termination
of this Agreement.
Export. Software and Documentation, including technical data, may be subject to
U.S. export control laws, including the U.S. Export Administration Act and its associated regulations, and may be subject to export or import regulations in other countries. Customer agrees to comply strictly with all such regulations and acknowledges
that it has the responsibility to obtain licenses to export, re-export, or import Software and Documentation.


Limited Warranty
Disclaimer of Liabilities. REGARDLESS OF ANY REMEDY SET FORTH FAILS
OF ITS ESSENTIAL PURPOSE OR OTHERWISE, IN NO EVENT WILL A10 NETWORKS OR ITS SUPPLIERS BE LIABLE FOR ANY LOST REVENUE, PROFIT,
OR LOST OR DAMAGED DATA, BUSINESS INTERRUPTION, LOSS OF CAPITAL,
OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL, OR PUNITIVE
DAMAGES HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY OR WHETHER ARISING OUT OF THE USE OF OR INABILITY TO USE
PRODUCT OR OTHERWISE AND EVEN IF A10 NETWORKS OR ITS SUPPLIERS
OR LICENSORS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
In no event shall A10 Networks’ or its suppliers' or licensors' liability to Customer,
whether in contract, (including negligence), breach of warranty, or otherwise, exceed
the price paid by Customer for the Software that gave rise to the claim or if the Software is part of another Product, the price paid for such other Product.
Customer agrees that the limitations of liability and disclaimers set forth herein will
apply regardless of whether Customer has accepted the Software or any other product or service delivered by A10 Networks. Customer acknowledges and agrees that
A10 Networks has set its prices and entered into this Agreement in reliance upon the
disclaimers of warranty and the limitations of liability set forth herein, that the same
reflect an allocation of risk between the parties (including the risk that a contract
remedy may fail of its essential purpose and cause consequential loss), and that the
same form an essential basis of the bargain between the parties.
The Warranty and the End User License shall be governed by and construed in
accordance with the laws of the State of California, without reference to or application of choice of law rules or principles. If any portion hereof is found to be void or
unenforceable, the remaining provisions of the Agreement shall remain in full force
and effect. This Agreement constitutes the entire and sole agreement between the
parties with respect to the license of the use of A10 Networks Products unless otherwise superseded by a written signed agreement.


Obtaining Technical Assistance

For all customers, partners, resellers, and distributors who hold valid A10 Networks Regular and Technical Support service contracts, the A10 Networks Technical Assistance Center provides support services online and over the phone.

Corporate Headquarters
A10 Networks, Inc.
3 West Plumeria Dr
San Jose, CA 95134 USA
Tel: +1-408-325-8668 (main)
Tel: +1-888-822-7210 (support – toll-free in USA)
Tel: +1-408-325-8676 (support – direct dial)
Fax: +1-408-325-8666
www.a10networks.com

Collecting System Information
Your A10 Networks device provides a simple method to collect configuration and status information for Technical Support to use when diagnosing system issues. To collect system information, use either of the following methods.

USING THE GUI (RECOMMENDED)
1. Log into the GUI.
2. On the main page (Monitor Mode > Overview > Summary), click . This option downloads a text log file.
3. Email the file as an attachment to support@a10networks.com.

USING THE CLI
1. Log into the CLI.
2. Enable logging in your terminal emulation application, to capture output generated by the CLI.
3. Enter the enable command to access the Privileged EXEC mode of the CLI. Enter your enable password at the Password prompt.
4. Enter the show techsupport command.
5. After the command output finishes, save the output in a text file.
6. Email the file as an attachment to support@a10networks.com.

Note: As an alternative to saving the output in a log file captured by your terminal emulation application, you can export the output from the CLI using the following command:
show techsupport export [use-mgmt-port] url
(For syntax information, see the CLI Reference for the software version you are running.)

Additional Information Required
In addition to the ACOS device information gathered using the procedures above, please also provide the following information:
• Windows platform (XP/Vista/Windows)
• Service pack level
• Problem description
• Copy of the aFleX script (if applicable)

About This Document

This document describes features of the A10 Networks Advanced Core Operating System (ACOS). These features are supported on the following product lines:
• A10 Thunder™ Series Unified Application Service Gateway
• AX Series Advanced Traffic Manager / Application Delivery Controller

FIGURE 1 A10 Thunder 6430
FIGURE 2 AX 5630

For details about feature support on specific models, see the release notes.

User Documentation
Information is available for ACOS products in the following documents. These documents are included on the documentation CD shipped with your product, and also are available on the A10 Networks support site.

Basic Setup
• Installation Guides
• System Configuration and Administration Guide

Security Guides
• Management Access Security Guide
• Application Access Management and DDoS Mitigation Guide
• Web Application Firewall Guide

Application Delivery Guides
• Application Delivery and Server Load Balancing Guide
• Global Server Load Balancing Guide

References
• LOM Reference
• GUI Reference
• CLI Reference
• aFleX Reference
• MIB Reference
• aXAPI Reference

Make sure to use the basic deployment instructions in the Installation Guide for your Thunder or AX model, and in the System Configuration and Administration Guide. Also make sure to set up your device’s Lights Out Management (LOM) interface, if applicable.

Note: Some guides include GUI configuration examples. In these examples, some GUI pages may have new options that are not shown in the example screen images. In these cases, the new options are not applicable to the examples. For information about any option in the GUI, see the GUI Reference or the GUI online help.

Audience
This document is intended for use by network architects for determining applicability and planning implementation, and for system administrators for provision and maintenance of A10 Networks products.

Documentation Updates
Updates to these documents are published periodically to the A10 Networks support site, on an updated documentation CD (posted as a zip archive). To access the latest version, please log onto your A10 support account.
http://www.a10networks.com

A10 Virtual Application Delivery Community
You can use your A10 support login to access the A10 Virtual Application Delivery Community (VirtualADC). The VirtualADC is an interactive forum where you can find detailed information from product specialists. You also can ask questions and leave comments. To access the VirtualADC, navigate here:
http://www.a10networks.com/adc/


......................................................... 35 aFleX Script Components ............................................... No............................ 33 Tcl Symbols ...................................................................................................................................................................................................................................................................7............................................................................0.................................................................... 7 Additional Information Required.......................................................................................................................................................................................................................................................... 25 Advantages of Using aFleX Policies .................... 30 aFleX Online Help ............................................................................................................................. ACOS 2.......................................................................................................................................................................................................................................................................................................................A10 Thunder Series and AX Series – aFleX Reference Contents End User License Agreement 3 Obtaining Technical Assistance 7 Collecting System Information............................................................................. 33 aFleX Syntax ....................................................................................................................................... 
30 aFleX Script Rename ............................................................................................................................................................................................................... 11 aFleX Basics 25 Overview.... 34 aFleX Context – Clientside or Serverside ................ 26 aFleX Configuration Prerequisites ...................................................................... 36 aFleX Operators ............................................................................................................................. 11 A10 Virtual Application Delivery Community................ 29 Maximum Number of aFleX Scripts ................................................................................................... 27 aFleX Processing Order ................ 39 aFleX Commands ......................................................................................................................................................................... 10 Audience......................................................................: D-030-01-00-0007 ......................................... 26 aFleX Script Editor ............................................1 7/2/2013 13 of 304 ........................... 28 When aFleX Policy Changes Take Effect .......................................................... 36 aFleX Events ..................... 27 Support for Multiple aFleX Policies on a Single Virtual Port ........................................ 39 Examples ...............................................aFleX 2................................ 11 Documentation Updates ............................................................... 26 Example: a Simple aFleX Script ........... 8 About This Document 9 User Documentation............................................................................... 32 Copy aFleX Script ......................................... 
40 Command Summary by Type .................................................................................................................................................................................................................................................................. 29 Maximum Filesize of aFleX Scripts ................................................................... 42 Customer Driven Innovation Doc....................................

...................................................... 73 Reset ...........................................................................................................................................................................aFleX 2..................................................................... 74 Search Menu Functions ....................: D-030-01-00-0007 .............................. 77 View Line Number .................................................................................................................................................... 69 Menu Functions................................................................................................................................................. 63 Installing and Starting aFleX Script Editor .............................................................................................................................................................................................................................................................................................................................. 71 File Functions .......... 74 Exit ............................................................................................................................................................................................................................................................................................................ 73 Export ................ 78 View End of Line .................................................................. 74 Undo / Redo ........................................................................................................................................................................................... 
71 New aFleX ........................................................................................................................................................................................................................................................................................ 69 View aFleX Scripts ......................................................................... 77 View White Space ............................... 77 View Indention Guides .......... 72 Delete Rule .................66 Create an aFleX Script ............................................................................................................................................................................................................................................................................................................................................................................... 77 View Fold Margin ................................................................................................................................................... 66 aFleX Templates .................................. 77 View Word Wrap ...................................................................................... No................... 67 Connect to an AX Device – aFleX File Transfer ...................................................................................................................................................................... 73 Save .......... 75 Replace ................................................71 Overview .................................................................................................... 76 View Menu Functions ......... 73 Import ..........................7.......................... 74 Cut / Copy / Paste / Delete ............................................................................................................................................................... 
75 Go to Line .............................................................................................................................................................................................................................................................................. 71 Connect AX / Disconnect AX ................................................................................... 75 Find / Find Next / Find Previous ................................................................................................ 78 14 of 304 Customer Driven Innovation Doc............................................ ACOS 2............................................................................................................................................. 78 View Book Marks ....................................................................................................................... 77 View Margin .................. 74 Select All ...63 aFleX Script Editor .................................................................................................................................................. 73 Rename ...........................................................................................................................................................................................................................................................A10 Thunder Series and AX Series – aFleX Reference Contents aFleX Script Editor 63 Overview .............. 74 Edit Menu Functions .............................................................................................................................. 72 Download ........................................0.................................................................................... 72 Upload ....................1 7/2/2013 ............................................. 66 Editing aFleX Scripts – Getting Started .......................................................... 
65 aFleX Script Editor Features ...................................................................................................................................................................

....... 93 RULE_INIT .................................................................................... 80 Status Window ............................................................. 96 HTTP_REQUEST_SEND ............................................................. 82 Using the CLI—Creating an aFleX Script in the CLI ........................................................................................................................................................................................................................... 88 Using the GUI .............................................................. 93 LB_FAILED ..................................................... 78 View Output Window .............................. 98 HTTP_RESPONSE_DATA ............................................................. 79 Set Keyword Color ............0....................................................................................................................................................................................... 95 HTTP_REQUEST_DATA ................................................................................................................... 79 Set Text Color ................................................................................................................................................................................................................ 97 HTTP_RESPONSE ..................................................................................................................................................................................................................................................................................................................................................................................................... 79 Help Menu Functions .......................................................................................................... 89 Events 93 Global Events .... 
79 Set Background Color ...........................................................................: D-030-01-00-0007 ................................................... 94 HTTP Events ................................... 80 About aFleX Editor ............................................................................................................................................... 79 Font .............................................. 86 aFleX Configuration .......................aFleX 2................................................................A10 Thunder Series and AX Series – aFleX Reference Contents View Status Bar ............. 94 LB_SELECTED ........................................................ 88 Troubleshooting aFleX Syntax Errors .. 98 Customer Driven Innovation Doc.......................................................................................................................................................................................................................................................................................7.......................... 87 Syntax Check ..................................................................... 79 Set Comment Color ............................................................................................................................................................................................................. 87 CLI Example ............................................................. 80 Other aFleX Script Editor Functions...................................................................................................................... No........................... 79 My Last Setting ............................ 87 Cancelling the aFleX Input Session ........................................................... 79 Set Line Number Color ....................................................................................................... 
81 Using the CLI—Using an Imported aFleX Script............................................... 80 Drag and Drop File Function .................................. 80 Applying aFleX Scripts To Virtual Ports 81 Pre-Loaded aFleX Scripts . ACOS 2............................................................................ 95 HTTP_REQUEST ..................................................................................................................................................................1 7/2/2013 15 of 304 .......................................................................................................................................................................................................................................................................................................................................................................................................... 78 Options Menu Functions ........................................................................................................................................................ 97 HTTP_RESPONSE_CONTINUE ........................

  IP, TCP, and UDP Events
    CLIENT_ACCEPTED
    CLIENT_CLOSED
    CLIENT_DATA
    SERVER_CLOSED
    SERVER_CONNECTED
    SERVER_DATA
  RAM Caching Events
    CACHE_REQUEST
    CACHE_RESPONSE
  DNS Events
    DNS_REQUEST
    DNS_RESPONSE
  FIX Events
    FIX_REQUEST
    FIX_RESPONSE
  Diameter Load Balancing Events
    DIAMETER_REQUEST
    DIAMETER_REQUEST_SEND
    DIAMETER_ANSWER
    DIAMETER_ANSWER_SEND
  SSL Events
    CLIENTSSL_CLIENTCERT
    CLIENTSSL_HANDSHAKE
    SERVERSSL_HANDSHAKE
  SIP Events
    SIP_REQUEST
    SIP_REQUEST_SEND
    SIP_RESPONSE
  DBLB Events
    DB_COMMAND
    DB_QUERY
Operators
  Relational Operators
    contains
    ends_with
    equals
    matches
    matches_regex
    starts_with

  Logical Operators
    and
    not
    or
Commands
  GLOBAL Commands
    active_members
    b64decode
    b64encode
    clientside
    cpu
    discard
    domain
    drop
    encoding
    event
    findstr
    getfield
    htonl
    htons
    log
    md5
    members
    nexthop
    node
    ntohl
    ntohs
    persist
    pool
    use
    reject
    serverside
    session
    set encode
    sha1
    snatpool
    substr
    switch
    virtual
    when
    whereis

  Global Variable Commands
    set
    incre
    get
    unset
    array
  Table Commands
    table set
    table add
    table replace
    table lookup
    table incr
    table append
    table delete
    table timeout
    table lifetime
    table keys
  Class List Commands
    CLASS::exists
    CLASS::match
    CLASS::names
    CLASS::type
  LID Commands
    LID::conn_limit
    LID::conn_rate_limit
    LID::exists
    LID::nat_pool
    LID::request_limit
    LID::request_rate_limit
    LID::type
  Link Commands
    LINK::lasthop
    LINK::nexthop
    LINK::vlan_id

  Load-balancing (LB) Commands
    LB::down
    LB::reselect
    LB::server
    LB::status node
    LB::status pool
  HTTP Commands
    HTTP::close
    HTTP::collect
    HTTP::cookie
    HTTP::fallback
    HTTP::header
    HTTP::host
    HTTP::is_keepalive
    HTTP::is_redirect
    HTTP::method
    HTTP::path
    HTTP::payload
    HTTP::query
    HTTP::redirect
    HTTP::release
    HTTP::request
    HTTP::request_num
    HTTP::respond
    HTTP::retry
    HTTP::status
    HTTP::stream
    HTTP::uri
    HTTP::version
  Compression Commands
    COMPRESS::disable
    COMPRESS::enable
    COMPRESS::gzip
  AES Commands
    AES::decrypt
    AES::encrypt
    AES::key

  IP Commands
    IP::addr
    IP::client_addr
    IP::local_addr
    IP::protocol
    IP::remote_addr
    IP::server_addr
    IP::stats
    IP::tos
    IP::ttl
    IP::version
  DNS Commands
    DNS::additional
    DNS::answer
    DNS::authority
    DNS::header
    DNS::len
    DNS::query
    DNS::question
    DNS::class
    DNS::name
    DNS::rdata
    DNS::rr
    DNS::ttl
    DNS::type
    DNS::return
    DNS::cache
    DNS::is_dnssec
    DNS::opt
    DNS Example
  SIP Commands
    SIP::call_id
    SIP::from
    SIP::header
    SIP::header insert
    SIP::method
    SIP::respond
    SIP::response
    SIP::to
    SIP::uri
    SIP::via
    SIP Command Examples

  Policy-Based SLB Commands
    POLICY::bwlist id
  RAM Caching Commands
    CACHE::age
    CACHE::disable
    CACHE::enable
    CACHE::expire
    CACHE::headers
    CACHE::hits
  Diameter Load Balancing Commands
    DIAMETER::app_id
    DIAMETER::avp
    DIAMETER::cmd_code
    DIAMETER::length
    DIAMETER::version
  RADIUS Message Load-balancing Commands
    RADIUS::avp
    RADIUS::code
    RADIUS::id
    RADIUS::length
  SSL Commands
    SSL::cert
    SSL::cert count
    SSL::cert issuer
    SSL::cert mode
    SSL::cipher
    SSL::sessionid
    SSL::verify_result
    SSL::disable
    SSL::enable
    SSL::mode
    SSL::sessionid
    SSL::session invalidate
    SSL::template

X509 Commands
    X509::extensions
    X509::hash
    X509::issuer
    X509::not_valid_after
    X509::not_valid_before
    X509::serial_number
    X509::signature_algorithm
    X509::subject
    X509::subject_public_key
    X509::subject_public_key_RSA_bits
    X509::subject_public_key_type
    X509::text
    X509::verify_cert_error_string
    X509::version
    X509::whole
STATS Commands
    STATS::clear
    STATS::get
TCP Commands
    TCP::client_port
    TCP::close
    TCP::collect
    TCP::local_port
    TCP::mss
    TCP::offset
    TCP::payload
    TCP::release
    TCP::remote_port
    TCP::respond
    TCP::rtt
    TCP::server_port
TIME Commands
    TIME::clock

UDP Commands
    UDP::client_port
    UDP::local_port
    UDP::payload
    UDP::remote_port
    UDP::respond
    UDP::server_port
URI Commands
    URI::basename
    URI::decode
    URI::encode
    URI::path
    URI::query
Financial Information eXchange Commands
    FIX::begin_string
    FIX::body_length
    FIX::msg_seq_num
    FIX::msg_type
    FIX::sender_compid
    FIX::sending_time
    FIX::target_compid
Database Load Balancing (DBLB) Commands
    DB::Command
    DB::Query
Template Commands
    TEMPLATE::cache
    TEMPLATE::client_ssl
    TEMPLATE::conn_reuse
    TEMPLATE::exists
    TEMPLATE::http
    TEMPLATE::ssl
    TEMPLATE::tcp
    TEMPLATE::udp
Deprecated and Disabled Commands
    Deprecated Commands
    Disabled Tcl Commands


aFleX Basics

Overview

The aFleX scripting language is a powerful inline custom scripting engine that provides in-depth, granular control of inspection and redirection policies (filter, drop, redirect). The aFleX scripting language is based on the Tool Command Language (Tcl) programming standard for simplicity and familiarity.

For an aFleX policy to work, it must be bound to a virtual port on the ACOS device. Then the aFleX policy can make policy decisions by inspecting the payload packets from all traffic going through the virtual port.

FIGURE 3 aFleX overview

Advantages of Using aFleX Policies

aFleX policies allow you to exercise more granular control of packet inspection and traffic load balancing.

• aFleX policies can search packet headers or even the actual packet content, and direct packets based on the search results.
• aFleX policies can redirect traffic to a group of servers bound to a virtual port, to one specific server in a pool (service group), or to individual ports and URIs on a specific pool member (server).
• aFleX policies can maintain persistence.
• aFleX policies provide complete flexibility, supporting both simple and sophisticated content-switching needs.
• Tcl scripts created using leading competitors’ scripting engines often can be easily converted into aFleX scripts, providing backwards compatibility for customized solutions.

Example: a Simple aFleX Script

    when CLIENT_ACCEPTED {
        if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
            pool my_pool
        }
    }

aFleX Script Editor

The aFleX Script Editor makes it easy to write an aFleX script (see “aFleX Script Editor” on page 63). You also can create aFleX scripts using the ACOS GUI or CLI, or a third-party text editor.

Note: To create an aFleX script in a non-English language (for example, Japanese), save the script in Unicode UTF-8 format. You can use the ACOS GUI or another editor to create the aFleX file. The A10 aFleX Script Editor does not support UTF-8 format in the current release. Use the ACOS GUI or a third-party editor instead.

If you plan to create aFleX scripts in the ACOS GUI, set the language in the GUI as Unicode (UTF8). To set the language in the GUI to UTF-8, configure the browser so that you can view UTF-8 encoding. In Internet Explorer, select View > Encoding > Unicode.

aFleX Configuration Prerequisites

• For an aFleX policy to take effect, you must bind it to a virtual port on the ACOS device.
• If no aFleX policy is assigned to the virtual port, the AX device will continue to redirect traffic to the default server pool (SLB service group) assigned to the virtual port.
• Once an aFleX policy is bound to a virtual port, the policy is triggered whenever the AX device encounters the Event Declaration.
  Example: If an aFleX policy includes the event declaration CLIENT_ACCEPTED, then the policy is triggered whenever the AX device accepts a client request.
• The virtual port must be processing the application type that the Event Declaration in the aFleX policy is triggering on.
  Example: If the aFleX policy includes an event declaration for HTTP_REQUEST, then the policy can only bind to the virtual port that can process HTTP traffic. In other words, the virtual port’s service type must be fast-http or http.

Note: For virtual port type fast-HTTP, aFleX commands that change the HTTP header or payload are not supported.

aFleX Processing Order

aFleX policies have higher priority than most templates, except cookie persistence templates. Here is the complete SLB processing order for virtual port traffic.

Packet Processing Order for Layer 4 Virtual Ports

For Layer 4 virtual ports (TCP, UDP, or “Others”), template parameters are processed in the following order:

1. DNS template
2. Policy template
3. All other types of templates

Packet Processing Order for Layer 7 Virtual Ports

For Layer 7 virtual ports (for example: HTTP), template parameters are processed in the following order:

1. Layer 4 packet processing (described above in “Packet Processing Order for Layer 4 Virtual Ports” on page 27)
2. Layer 7 server selection:
   a. Cookie persistence template
   b. aFleX policy (script)
   c. All other types of templates

Example: A virtual port is bound to an aFleX policy and two application templates, a URL switching template and a cookie persistence template. Both the URL switching template and the aFleX policy are applicable to a client’s traffic. The URL switching template chooses server server10, but the aFleX policy chooses another server, server20. Since the aFleX policy has higher priority, the traffic is directed to server20. However, if the cookie persistence template selects server30, the traffic ultimately will be directed to server30.

Note: Beginning with AX Release 2.7.0, server template limits are applied for both service-group and server selection. Commands that call for server selection (i.e., “pool”, “node”, “persist”, etc.) will enforce server template limits on the selected server. As a result, new connections that match a persist uie entry may be unable to use the rport and a default server selection will occur instead. To prevent default server selection, use the no def-selection-if-pref-failed command for the vport.

Support for Multiple aFleX Policies on a Single Virtual Port

You can bind up to 8 aFleX scripts to a single virtual port. When multiple aFleX scripts are bound to a virtual port, the scripts are processed from the top down, beginning with the first script bound to the virtual port and ending with the last script bound to the virtual port.

The multiple scripts are processed exactly as if they were concatenated together into a single aFleX script. Multiple events of the same type are executed sequentially (top to bottom), as though they were all in the same script.

When aFleX Policy Changes Take Effect

aFleX policy changes do not affect traffic that is already active on a virtual port. For example, if you bind an aFleX policy to a virtual port on which some traffic sessions are already active, the aFleX policy does not affect those sessions. The aFleX policy only affects sessions that begin after the aFleX policy is applied to the virtual port.

Likewise, if you change an aFleX policy that is already bound to a virtual port, the changes do not apply to sessions that are active when you change the policy. The active sessions are still processed using the aFleX policy as it was before the changes. The policy changes apply only to sessions that begin after the policy changes are saved.

Maximum Filesize of aFleX Scripts

By default, the maximum filesize supported on an AX device for an aFleX script is 32 Kbytes. On the ACOS device, you can change the maximum script size to 16-256 Kbytes. If Role-Based Administration (RBA) is configured on the device, the maximum applies to the shared partition and all private partitions.

Note: In AX releases earlier than 2.4.3-P2, the maximum supported filesize is 128 K.

USING THE GUI

1. Select Config Mode > Service > SLB > Global.
2. Edit the number in the Maximum Size aFleX field. You can specify 16-256.
3. Click OK.

USING THE CLI

To change the maximum aFleX file size, use the following command at the global configuration level of the CLI:

    [no] aflex max-filesize KBytes

Maximum Number of aFleX Scripts

By default, the ACOS device can have a maximum of 1024 aFleX scripts. If Role-Based Administration (RBA) is configured on the device, each private partition can have 32 aFleX scripts by default. Partition admins can change the maximum number of aFleX scripts allowed in a partition, to 1-128.

USING THE GUI

1. Select Config Mode > System > Admin.
2. On the menu bar, select Partition.
3. Select the partition. (Click the checkbox next to the partition name.)
4. Edit the number in the Max aFleX File field. You can specify 1-128.
5. Click OK.

USING THE CLI

Use the following command at the global configuration level of the CLI:

    [no] partition partition-name max-aflex-file num

You can specify 1-128.

aFleX Online Help

Beginning with AX Release 2.7.0, you can access aFleX help information through the ACOS CLI.

Note: aFleX help information is available through the CLI only and not accessible from the GUI.

Syntax

From the configuration level of the CLI, use the following commands to access all aFleX help information:

    aflex help

Enter the following command to list the names and descriptions of all aFleX events, global commands, or operators:

    aflex help [events | global | operators] [string]

Optionally, use the string option to display all aFleX events or commands that match the specified string.

To display the full length description of a command, enter the specific command name for string.

Output Examples

This example displays help information for aFleX TIME commands:

    AX2500(config)#aflex help time
    TIME::clock seconds - Returns the current time in the unit of seconds. The function is used in SMP environment for high-performance processing.
    TIME::clock milliseconds - Returns the current time in the unit of milliseconds. The function is used in SMP environment for high-performance processing.

Note: The lowest resolution of the timer is 4 milliseconds.

The following example displays help information for POLICY::bwlist:

    AX2500(config)#aflex help policy::bwlist
    POLICY::bwlist id <ip> [<bwlist_name>] - Returns the group id of the specified ip address on the black-white list. If the bwlist_name is not specified, the binded bwlist on the vport is used.

aFleX Script Rename

Beginning with this release, you do not need to unbind an aFleX script before renaming it, and rebind it afterward. The ACOS device automatically updates the configuration everywhere the renamed script is applied. For example, if the script is already bound to a virtual port, the script’s name is automatically updated in the virtual port’s configuration. You do not need to manually update the virtual port configuration.

USING THE GUI

1. Navigate to Config Mode > Service > aFleX. The list of configured aFleX scripts appears.
2. Click on the aFleX name to display the configuration page for it.
3. Edit the name in the Name field.
4. Click OK. The list of aFleX scripts reappears, showing the new name. The GUI also automatically updates the aFleX name everywhere the script is used.

USING THE CLI

To rename an aFleX script on the ACOS device, use the following command at the global configuration level of the CLI:

    aflex rename old-name new-name

Copy aFleX Script

Beginning with AX Release 2.7.0, you have the ability to easily copy an existing aFleX script to a new file name.

USING THE GUI

The current release does not support this option using the GUI.

USING THE CLI

From the configuration level of the CLI, use the following command:

    aflex copy script-name destination-script-name

Note: Scripts that contain syntax errors cannot be copied. The CLI console notifies you if copy failure is due to a syntax error.

aFleX Syntax

An aFleX script is a Tcl-like script. Every command call has the following form:

    command arg1 arg2 arg3 ...

The aFleX interpreter takes each word of a command call and evaluates it. After evaluation of each word, the first word (command) is considered to be a function name. The function is executed with the rest of the words as arguments.

If a word is surrounded by curly braces { }, this word is unaffected and substitution is thus not applicable. Inside the braces, there may be spaces and carriage returns. The { } may also be nested.

In the following example, notice how the line breaks are placed inside the { }.

    if {$c == "Exit"} {
        log "Bye!"
    } else {
        log "Rock On!"
    }

The aFleX interpreter sees this script as 5 words:

1. 'if' is the first word. There is nothing to be evaluated.
2. '$c == "Exit"' is the second word. Because of the surrounding curly braces, there is no further evaluation on this word.
3. 'log "Bye!"' is the third word. For the same reason as the second word, no further evaluation is needed.
4. 'else' is the fourth word. There is nothing to be evaluated.
5. 'log "Rock On!"' is the fifth word. No further evaluation is needed.

The first word, 'if', is taken as the command and this command is executed with the 4 following words as parameters. Later, during the execution of the if command, the condition '$c == "Exit"' is evaluated.

Tcl Symbols

The Tcl symbols listed in Table 1 have special meanings.

TABLE 1 Tcl Symbols Supported in aFleX Policies

Delimiter   Description
$           Variable substitution.
            Example: $argv0 could be replaced by /usr/bin/somescript.tcl
[ ]         Subcommand substitution.
            Example: [pwd] could be replaced by /home/joe
" "         Word grouping with substitutions.
            Example: "you are $user" is one word. Substitution still occurs.
{ }         Word grouping without substitutions.
            Example: {you are $user} is one word. $user is not replaced.
\           Backslash substitution/escape or statement continuation.
            By default, a statement ends with the end of the line.
;           Statement separator.
#           Comment. This symbol can be used only at the beginning of a statement.
::          Namespace path separator for variables or commands.
            Example: ::foo::bar

For information about standard Tcl syntax, see the following:
http://en.wikibooks.org/wiki/Programming:Tcl

Note: Also see “Deprecated and Disabled Commands” on page 301.
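The word-grouping rules above can be checked with a small Python model of the splitting step. This is an added illustration, not A10's interpreter and not code from this reference; the function names and the three word kinds ("bare", "quoted", "braced") are assumptions made for the example, and no substitution is actually performed.

```python
"""Added illustration (not A10 code): Tcl-style word grouping per Table 1."""

# The if/else script from the syntax section, reproduced as sample input.
PAGE_SCRIPT = '''if {$c == "Exit"} {
    log "Bye!"
} else {
    log "Rock On!"
}'''


def _match(text, start, opener, closer):
    """Return the index of the closer that balances text[start] (nesting aware)."""
    depth, i = 0, start
    while i < len(text):
        ch = text[i]
        if ch == "\\":              # an escaped character never opens or closes
            i += 2
            continue
        if ch == opener:
            depth += 1
        elif ch == closer:
            depth -= 1
            if depth == 0:
                return i
        i += 1
    raise ValueError(f"unbalanced {opener!r} at offset {start}")


def _close_quote(text, start):
    """Return the index of the double quote that ends the word opened at start."""
    i = start + 1
    while i < len(text):
        ch = text[i]
        if ch == "\\":
            i += 2
            continue
        if ch == "[":               # a [subcommand] may contain quotes of its own
            i = _match(text, i, "[", "]")
        elif ch == '"':
            return i
        i += 1
    raise ValueError(f"unterminated quote at offset {start}")


def split_words(script):
    """Split a script into commands, each a list of (kind, text) words."""
    commands, words = [], []
    i, n = 0, len(script)
    while i < n:
        ch = script[i]
        if ch in " \t":
            i += 1
        elif ch == "\\" and script[i + 1:i + 2] == "\n":
            i += 2                  # backslash-newline continues the statement
        elif ch in "\n;":           # end of line or ';' ends the statement
            if words:
                commands.append(words)
                words = []
            i += 1
        elif ch == "#" and not words:
            while i < n and script[i] != "\n":
                i += 1              # comment: only valid where a statement begins
        elif ch == "{":
            end = _match(script, i, "{", "}")
            words.append(("braced", script[i + 1:end]))
            i = end + 1
        elif ch == '"':
            end = _close_quote(script, i)
            words.append(("quoted", script[i + 1:end]))
            i = end + 1
        else:
            start = i
            while i < n and script[i] not in " \t\n;":
                if script[i] == "[":
                    i = _match(script, i, "[", "]")   # keep [cmd ...] in one word
                elif script[i] == "\\":
                    i += 1          # skip the escaped character
                i += 1
            words.append(("bare", script[start:i]))
    if words:
        commands.append(words)
    return commands


def substitutes(word):
    """True if $, [ ] or backslash substitution would still apply to this word."""
    kind, text = word
    return kind != "braced" and any(c in text for c in "$[\\")


if __name__ == "__main__":
    for number, (kind, text) in enumerate(split_words(PAGE_SCRIPT)[0], 1):
        print(number, kind, repr(text.strip()), "substitutes:", substitutes((kind, text)))
    # The braced body is only split into words later, when 'if' evaluates it.
    print(split_words(split_words(PAGE_SCRIPT)[0][2][1]))
```

Running it prints the five words in the same order as the numbered list; the line breaks inside the braces stay part of the third and fifth words.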

aFleX Context – Clientside or Serverside

aFleX scripts support context for specifying either client or server side:

• Each event has a default context of either client-side or server-side.
• Key words: “clientside” or “serverside”
• Only specify the context keywords if you want to change default context.

Example: This aFleX script uses the default CLIENT side association to the REMOTE_ADDR. Because CLIENT_ACCEPTED has a default context of clientside, the remote_addr field is automatically assigned to clientside.

    when CLIENT_ACCEPTED {
        if { [IP::addr [IP::remote_addr] equals 10.1.1.80 ] } {
            pool my_pool
        }
    }

To change the default context of any aFleX script, use the clientside or serverside key words.

Example: This aFleX policy switches the remote_addr field to the clientside from the default serverside association with the SERVER_CONNECTED event.

    when CLIENT_ACCEPTED {
        if { [IP::addr [clientside {IP::remote_addr}] equals 10.1.1.80 ] } {
            pool my_pool2
        }
    }

aFleX Script Components

aFleX scripts consist of the following element types:

• Events
• Operators
• Commands

aFleX Events

aFleX scripts are event-driven. The AX device triggers an aFleX policy based on a specified event. For example, if an aFleX policy is configured to be triggered by the HTTP_REQUEST event, the ACOS device triggers the aFleX policy when an HTTP request is received.

Event declarations are made with the “when” keyword followed by the event name.

Example:

    when CLIENT_ACCEPTED {
        if { [IP::addr [IP::remote_addr] equals 10.1.1.80 ] } {
            pool my_pool
        }
    }

Table 2 lists the event declarations supported in aFleX policies.

TABLE 2 aFleX Event Declarations

Event Type                Event Name and Description

Global                    RULE_INIT
                          Triggered when used in an aFleX policy.
                          LB_FAILED
                          Triggered when the ACOS device can not select a node (server) for the incoming request, for example, if all nodes in the pool are down or all their connection limits have been reached.
                          LB_SELECTED
                          Triggered when the system selects a pool member.

IP, TCP, UDP              CLIENT_ACCEPTED
                          Triggered when a client establishes a connection.
                          CLIENT_CLOSED
                          Triggered when the client-side connection closes.
                          CLIENT_DATA
                          Triggered when a client receives new data while the connection is in collect state.
                          SERVER_CLOSED
                          Triggered when the server side connection closes.
                          SERVER_CONNECTED
                          Triggered when the AX device establishes a connection with the target node.
                          SERVER_DATA
                          Triggered when the AX device has received new data from the target node while the connection is in hold state.

DNS                       DNS_REQUEST
                          Triggered when the DNS request packet arrives.
                          DNS_RESPONSE
                          Triggered when the DNS reply packet arrives.

HTTP                      HTTP_REQUEST
                          Triggered when the AX device fully parses a complete client request header.
                          HTTP_REQUEST_DATA
                          Triggered whenever the request receives new HTTP content data.
                          HTTP_REQUEST_SEND
                          Triggered immediately before a request is sent to a server. Server-side event.
                          HTTP_RESPONSE
                          Triggered when the AX device parses all of the response status and header lines from the server response.
                          HTTP_RESPONSE_CONTINUE
                          Triggered whenever the AX device receives a 100 Continue response from the server.
                          HTTP_RESPONSE_DATA
                          Triggered whenever the AX device receives new HTTP content data from the response.

RAM Caching               CACHE_REQUEST
                          Triggered when a VIP receives a request for a cached object.
                          CACHE_RESPONSE
                          Triggered immediately prior to sending a cache response.

FIX                       FIX_REQUEST
                          Triggered when the system receives a FIX request.
                          FIX_RESPONSE
                          Triggered when the system receives a FIX response.

Diameter load balancing   DIAMETER_REQUEST
                          Triggered when the system fully parses a complete Diameter request message.
                          DIAMETER_REQUEST_SEND
                          Triggered immediately before a Diameter request is sent by the ACOS device.
                          DIAMETER_ANSWER
                          Triggered when the system fully parses a complete Diameter answer message.
                          DIAMETER_ANSWER_SEND
                          Triggered immediately before a Diameter answer is sent by the ACOS device.

SIP                       SIP_REQUEST
                          Triggered when the ACOS system receives a full SIP request header from the client.
                          SIP_REQUEST_SEND
                          Triggered when the ACOS system sends the SIP request to the server.
                          SIP_RESPONSE
                          Triggered when the ACOS system receives a full SIP response from the server.

SSL                       CLIENTSSL_CLIENTCERT
                          Triggered when an SSL client certificate is received.
                          CLIENTSSL_HANDSHAKE
                          Triggered when an SSL handshake on the client side is completed.
                          SERVERSSL_HANDSHAKE
                          Triggered when an SSL handshake on the server side is completed.

DBLB                      DB_QUERY
                          Triggered when the ACOS system receives a full SQL query from the client side.
                          DB_COMMAND
                          Triggered when the ACOS system receives an SQL command from the client side.

aFleX Operators

aFleX policies use operators to compare operands in an expression. Table 3 lists the operators supported in aFleX policies.

TABLE 3 aFleX Operators

Operator Type   Operator Name and Description

Relational      contains
                Tests whether one string (string1) contains another string (string2).
                ends_with
                Tests whether one string (string1) ends with another string (string2).
                equals
                Tests whether one string equals another string.
                matches
                Tests whether one string matches another string.
                matches_regex
                Tests whether one string matches a regular expression.
                starts_with
                Tests whether one string (string1) starts with another string (string2).

Logical         and
                Performs a logical “and” comparison between two values.
                not
                Performs a logical “not” on a value.
                or
                Performs a logical “or” comparison between two values.

aFleX Commands

aFleX commands can perform the following types of operations:

• Global – Performs actions such as selecting a pool (SLB service group) or node (server).
• Query commands:
  • IP packet header query – Returns information from the IP header.
  • IP, TCP, or UDP packet data query – Returns information from the payload.
  • HTTP packet header or content query – Returns information from the HTTP header or payload.

    • SSL and X.509 query – Returns information from or about certificates.
    • Deep packet inspection – Returns strings from packets.
• Header and content manipulation:
    • TCP header and content manipulation – Changes TCP headers or content.
    • HTTP header and content manipulation – Changes HTTP headers or content.
    • HTTP cookie manipulation – Changes cookies.

Examples

Example: Pool Selection

This aFleX script uses the if command to determine which pool to send traffic to based on the file type “gif” or “jpg”.

    when HTTP_REQUEST {
        if { [HTTP::uri] ends_with ".gif" } {
            pool gif_pool
        } elseif { [HTTP::uri] ends_with ".jpg" } {
            pool jpg_pool
        }
    }

Example: Node Selection

This aFleX script uses the “node” command to select one specific server to send the traffic to.

    when HTTP_REQUEST {
        if { [HTTP::uri] ends_with ".gif" } {
            node 192.168.100.10 80
        }
    }

Example: IP Packet Header Query – IP Address

This example directs traffic from clients in the 192.168.0.0/16 subnet to a special pool, 192.168_pool.

    when CLIENT_ACCEPTED {
        if { [IP::addr [IP::client_addr] equals 192.168.0.0/16] } {
            pool 192.168_pool
        } else {
            pool other_pool
        }
    }

Example: IP Packet Header Query – Protocol Number

This example inspects the protocol field for a client-side protocol value of “6”.

    when CLIENT_ACCEPTED {
        if { [IP::protocol] == 6 } {
            pool tcp_pool
        } else {
            pool slow_pool
        }
    }

Example: IP Packet Header Query – ToS Level

This example inspects the ToS field for a client-side ToS value of “16”.

    when CLIENT_ACCEPTED {
        if { [IP::tos] == 16 } {
            pool tos16_pool
        } else {
            pool other_pool
        }
    }

Example: TCP Query

This aFleX script checks the payload field for the words XYZ or ABC to direct traffic to the matching pool.

    when CLIENT_DATA {
        if { [TCP::payload] contains "XYZ" } {
            pool xyz_servers
        } elseif { [substr [TCP::payload] 50 3] == "ABC" } {
            pool abc_servers
        } else {
            pool web_servers
        }
    }

Command Summary by Type

Table 4 lists the aFleX commands according to the types of operations they perform. For more information about the aFleX commands, see “Commands” on page 119, where they are listed alphabetically.

TABLE 4 aFleX Commands

Command Type: Global

active_members <pool_name> [partition shared]
    Returns the number of active members in the pool. By default, this command acts upon the service groups (pools) located in the partition that contains the aFleX policy. The partition shared option causes the aFleX policy to act upon service groups in the shared partition instead. This option is useful in aFleX policies that are located in a private partition, when you want the aFleX policy to act upon service groups in the shared partition instead.
b64decode <string>
    Returns the specified string, decoded from base-64. Returns NULL if there is an error.
b64encode <string>
    Returns the specified string, encoded as base-64. Returns NULL if there is an error.
clientside {<aFleX commands>}
    Causes the specified aFleX commands to be evaluated under the client-side context. This command has no effect if the aFleX policy is already being evaluated under the client-side context.
cpu usage [1sec | 5secs | 15secs | 1min | 5mins | 15mins | all_seconds | all_minutes]
    Returns the average CPU load for the given interval. All averages are exponential weighted moving averages over the interval.
discard
    Causes the current packet or connection (depending on the context of the event) to be discarded. This statement must be conditionally associated with an if statement.

Command Type: Global (cont.)

domain <string> <count>
    Parses the specified string as a dotted domain name and returns the last <count> portions of the domain name.
drop
    Same as the discard command.
encoding {convertfrom | convertto} <encoding>
    Converts the character encoding of a payload to the specified encoding.
event [<name>] [enable | disable] | [enable all | disable all]
    Discontinues evaluating the specified aFleX event, or all aFleX events, on a connection. However, the aFleX script continues to run.
htonl <hostlong>
    Converts the unsigned integer from host byte order to network byte order.
htons <hostshort>
    Converts the unsigned short integer from host byte order to network byte order.
if { <expression> } {<statement_command>} elseif { <expression> } {<statement_command>}
    Asks a true or false question and, depending on the answer, takes some action.
    Note: The maximum number of if statements that you can nest in an aFleX policy is 100.
log [<facility> <level>] <message>
    Generates and logs the specified message to the Syslog facility. The statement does this by performing variable expansion on the message as defined for the Header Insert HTTP profile attribute. If not used appropriately, a log statement can produce large amounts of output.
md5
    Returns the RSA MD5 Message Digest Algorithm message digest of the specified string.
members
    Counts or lists all members in a service group.
nexthop
    Sets the next hop for a connection.
node <addr> [<port>]
    Causes the identified server node to be used directly, thus bypassing any load-balancing.
ntohl <netlong>
    Converts the unsigned integer from network byte order to host byte order.
ntohs <netshort>
    Converts the unsigned short integer from network byte order to host byte order.
persist uie <string> [<timeout>]
persist add uie <key> [timeout]
persist lookup uie <key> [all | node | port | pool]
persist delete uie <key>
persist size uie [global]
    Configures persistence of clients with SLB resources.

Command Type: Global (cont.)

pool <pool_name> [member <addr> [<port>]] [partition shared]
    Causes the ACOS device to load balance traffic to the named pool. This statement must be conditionally associated with an if statement. Optionally, you can specify a specific pool member to which you want to direct the traffic. By default, this command acts upon the service groups (pools) located in the partition that contains the aFleX policy. The partition shared option causes the aFleX policy to act upon service groups in the shared partition instead. This option is useful in aFleX policies that are located in a private partition, when you want the aFleX policy to act upon service groups in the shared partition instead.
reject
    Causes the connection to be rejected, returning a reset as appropriate for the protocol.
return [<expression>]
    Terminates execution of the aFleX event and optionally returns the result of evaluating <expression>.
serverside {<aFleX commands>}
    Causes the specified aFleX commands to be evaluated under the server-side context. This command has no effect if the aFleX policy is already being evaluated under the server-side context.
session add ssl <key> <data> [<timeout>]
    Creates a table to store SSL information. If an SSL table already exists, the command adds an entry to the table. Generally, the <key> is the session ID and the data is the SSL verify_result or the SSL certificate.
session delete ssl <key>
    Deletes an SSL entry.
session lookup ssl <key>
    Searches the SSL table for information about the specified key.
set encode "<encoding>"
    Sets the character encoding for data payloads.
sha1
    Returns the Secure Hash Algorithm version 1.0 (SHA1) message digest of the specified string.
snatpool <snatpool_name>
    Uses the specified pool of IP addresses as translation addresses to create a SNAT.
substr <string> <skip_count> [<terminator>]
    Returns a sub-string named <string>, based on the values of the <skip_count> and <terminator> arguments.
switch
    Built-in Tcl command. Evaluates one of several scripts, depending on a given value.
virtual name
    Returns the name of the associated virtual server that the connection is flowing through.
when <event_name>
    Specifies an event in an aFleX script. All aFleX events begin with a when command. You can specify multiple when commands within a single aFleX script.

Command Type: Global (cont.)

whereis <ipaddr>
    Returns geo-location information for a given IP address.
array <global_array>
    Sets or returns elements in a global array.
get <global_variable>
    Returns the value of the specified <global_variable>.
incre <global_variable>
    Increments the <global_variable> by a value of 1.
set <global_variable> <value>
    Sets the <global_variable> to the specified <value>. If the variable does not exist, this command will create a new variable.
unset <global_variable>
    Deletes the value for the <global_variable>.

Command Type: Table Commands

table add <name> <key> <value>
    Adds a <value> to the table for the specified <key>. If the key already exists, a key is not inserted and the existing value is returned.
table append <name> [-notouch] <key> <string>
    Appends a string to the value associated with the specified key.
table delete <name> <key>|-all
    Deletes the <key> or value pair with the specified key. If -all is specified in addition to a table name, all keys and value pairs for that table are deleted.
table incr [-notouch] <key> [<num>]
    Increments the value associated with the specified key. If you do not specify a value for <num>, 1 is used by default.
table keys <name> [-count|-notouch]
    Returns a list of keys in the specified table.
table lifetime <name> [-remaining] <key>
    Returns the remaining time before the expired lifetime, instead of the total lifetime.
table lifetime <name> <key> [<value>]
    Returns the lifetime for the specified key.
table lookup <name> [-notouch] <key>
    Returns the value associated with the specified key.
table replace <name> <key> <value>
    Replaces the value in the table with the specified <key> or <value>.
table set <name> <key> <value>
    Sets a <value> in the table for the existing <key>.
table timeout <name> [-remaining] <key>
    Returns the remaining time before the expiration timeout, instead of the timeout itself.
table timeout <name> <key> [<value>]
    Returns the timeout for the specified key.

Command Type: Time Commands

TIME::clock [seconds | milliseconds]
    Returns the system time, in seconds or milliseconds.

Command Type: Link Commands

LINK::lasthop
    Returns the MAC address of the last hop.
LINK::nexthop
    Returns the MAC address of the next hop.
LINK::vlan_id
    Returns the VLAN tag of the packet.

Command Type: Advanced Encryption Standard (AES) Operations

AES::decrypt <key> <data>
    Decrypts data using an AES key.
AES::encrypt <key> <data>
    Encrypts data using an AES key.
AES::key <passphrase> [256 | 192 | 128]
    Creates a random key of length 256, 192, or 128 bits (default) to use for encrypting/decrypting data using AES.

Command Type: IP Packet Header Query

IP::addr <addr1>[/<mask>] equals <addr2>[/<mask>]
    Performs comparison of IP address/subnet/supernet to IP address/subnet/supernet. Returns 0 if no match, 1 for a match.
IP::client_addr
    Returns the client IP address of a connection. This command is equivalent to the command clientside { IP::remote_addr }.
IP::local_addr
    Returns the local IP address of a connection.
IP::protocol
    Returns the IP protocol value.
IP::remote_addr
    Returns the remote IP address of a connection.
IP::server_addr
    Returns the server’s IP address. This command is equivalent to the command serverside { IP::remote_addr }.
IP::stats {pkts in | pkts out | pkts | bytes in | bytes out | bytes | age}
    Supplies information about the number of packets or bytes being sent or received in a given connection.
IP::tos
    Returns the value of the IP protocol’s Type of Service (ToS) field.
IP::ttl
    Returns the TTL of the current packet being acted upon.
IP::version
    Returns the version (e.g., IPv4/IPv6) of the current packet.

Command Type: TCP Packet Header and Content Query

TCP::remote_port
    Returns the remote TCP port/service number.
TCP::client_port
    Returns the client’s TCP port/service number. Equivalent to the command clientside { TCP::remote_port }.
TCP::collect <length>
    Causes TCP to start collecting the specified amount of content data.
TCP::local_port
    Returns the local TCP port/service number.
TCP::mss
    Returns the on-wire Maximum Segment Size (MSS) for a TCP connection.
TCP::offset
    Returns the position in the TCP data stream in which the collected TCP data starts.
TCP::payload [<size>]
    Returns the accumulated TCP data content.
TCP::release
    Causes TCP to resume processing the connection and flush collected data.
TCP::respond <data>
    Sends the specified data directly to the peer. This command can be used to complete a protocol handshake.
TCP::rtt
    Returns the smoothed round-trip time (RTT) estimate for a TCP connection.
TCP::server_port
    Returns the server TCP port/service number. Equivalent to the command serverside { TCP::remote_port }.

Command Type: UDP Packet Header and Content Query

UDP::remote_port
    Returns the remote’s UDP port/service number.
UDP::client_port
    Returns the client’s UDP port/service number.
    Note: This command is equivalent to the command clientside {UDP::remote_port}.
UDP::local_port
    Returns the local UDP port/service number.
UDP::payload [<size>]
    Returns the current UDP payload content.
UDP::payload <offset> <size>
    Returns the content of the current UDP payload from <offset>.
UDP::payload <offset> <size> <new_data>
    Starting at <offset>, replaces the <size> of the collected payload with the specified <new_data>.
UDP::payload length
    Returns the amount of UDP payload content in bytes.
UDP::respond <data>
    Sends the specified data directly to the peer. This command can be used to complete a protocol handshake.
UDP::server_port
    Returns the server UDP port/service number.
    Note: This command is equivalent to the command serverside { UDP::remote_port }.

Command Type: Statistics

STATS::clear server <server-name | ipaddr> [<port-num> <tcp | udp>] current-connection | total-connection | request-pkt | response-pkt [partition shared]
    Clears statistics for a node, virtual server, or pool.
STATS::get server <server-name | ipaddr> [<port-num> <tcp | udp>] current-connection | total-connection | request-pkt | response-pkt [partition shared]
    Retrieves statistics for a node, virtual server, or pool.

Command Type: Load Balancing (LB)

LB::down
    Temporarily marks the current real port down for 30 seconds.
LB::reselect [pool <pool-name> [<member>]]
    Reperforms server selection.
LB::server [pool | addr | port]
    Returns the result of pool and node selection.
LB::status node <ipaddr> [port <port_num> {tcp | udp}]
    Returns the health status of a node.
LB::status pool <pool_name> [member <ipaddr> [<port_num>]] [partition shared]
    Returns the health status of a pool.

Command Type: LID Header and Content Query

LID::conn_limit <lid-id>
    Returns a list of conn-limit and LID type, one each for a matching LID where conn-limit is configured.
LID::conn_rate_limit <param>
    Returns a list of conn-rate-limit values and LID type, one each for a matching LID where conn-rate-limit is configured.
LID::exists <lid-id>
    Returns a Boolean value that indicates whether the specified LID exists.
LID::nat_pool <lid-id>
    Returns a list of string and LID type, one each for a matching LID where nat-pool is configured.
LID::request_limit <param>
    Returns a list of request-limit and LID type, one each for a matching LID where request-limit is configured.
LID::request_rate_limit <param>
    Returns a list of request-rate limit values and LID type, one each for a matching LID where conn-rate limit is configured.
LID::type <param>
    Returns a list of LIDs of the specified type.

Command Type: Class Header and Content Query

CLASS::exists <list-name>
    Returns a Boolean value that indicates whether the class list exists.
CLASS::match <param> <list-name> [ip | dns]
    Returns whether <param> matches an [ip | dns] entry in class list <list-name>.
CLASS::match <param> <list-name> <key> [ip | dns]
    Returns key of match when <param> matches an [ip | dns] entry in class list <list-name>.
CLASS::match <param> <list-name> <lid> [ip | dns]
    Returns LID of match (only if configured) when <param> matches an [ip | dns] entry in class list <list-name>.
CLASS::match <param> <operator> <list-name>
    Returns whether <param> matches an entry in class list <classname>.
CLASS::match <param> <operator> <list-name> <key>
    Returns key of match when <param> matches an entry in class list <list-name>.
CLASS::match <param> <operator> <list-name> <lid>
    Returns LID of match when <param> matches an entry in class list <list-name>.
CLASS::match <param> <operator> <list-name> <value>
    Returns LID of match when <param> matches an entry in class list <list-name>.
CLASS::names
    Returns a list of class-list names.
CLASS::type <list-name>
    Returns the type of the specified class list.

Command Type: HTTP Packet Header and Content Query

HTTP::fallback <host>
    Specifies or overrides the fallback host specified in the HTTP profile.
HTTP::header [value] <name>
    Returns value of the HTTP header named <name>. You can omit the <value> argument if the header name does not collide with any of the subcommands.
HTTP::header at <index>
    Returns the HTTP header that the system finds at the zero-based index value.
HTTP::header at <index> [nvp]
    Returns the HTTP header that the ACOS device finds at the zero-based index value. The nvp option returns the entire header as a name-value-pair (NVP).
HTTP::header count
    Returns the number of HTTP headers present on the request or response.
HTTP::header exists <name>
    Returns true if the named header is present on the request or response.
HTTP::header names
    Returns a list of all the headers present on the request or response.
HTTP::header values <name>
    Returns value(s) of the HTTP header named <name>.
HTTP::host
    Returns the host name (and port, if specified) of the HTTP request.
HTTP::method
    Returns the type of HTTP request method.
HTTP::path [<string>]
    Returns the path part of the HTTP request.

Command Type: HTTP Packet Header and Content Query (cont.)

HTTP::status
    Returns the response status code.
HTTP::close
    Inserts a Connection: Close header and closes the HTTP connection.
HTTP::collect [<length>]
    Collects the amount of data that you specify with the [length] argument. When the system collects the specified amount of data, it calls the Tcl event HTTP_REQUEST_DATA or HTTP_RESPONSE_DATA.
    Note: Use great caution when omitting the value of the content length. Even though this is allowed in certain cases, doing so or using a value larger than the size of the actual length can stall the connection.
HTTP::is_keepalive
    Returns a true value if this is a Keep-Alive connection.
HTTP::is_redirect
    Returns a true value if the response is a certain type of redirect.
HTTP::payload [<size>]
    Returns the content that the HTTP::collect command has collected thus far. If you do not specify a size, the system returns the collected content.
HTTP::payload <offset> <length> <string>
    Replaces the amount of content that you specified with the <length> argument, starting at <offset> with <string>.
HTTP::payload length
    Returns the size of the content that the command has collected thus far, not including the HTTP headers.
HTTP::query [<string>]
    Returns the query part of the HTTP request.
HTTP::release
    Releases the collected data. There is no need to use the HTTP::release command inside of the HTTP_REQUEST_DATA and HTTP_RESPONSE_DATA events, since in these cases, the data is implicitly released.
HTTP::stream replace <old-string> <new-string>
    Returns the string in an HTTP response.
HTTP::uri [<string>]
    Returns the complete URI of the request.
HTTP::version ["0.9" | "1.0" | "1.1"]
    Returns the HTTP version of the request or response.

Command Type: TCP Header and Content Manipulation

TCP::close
    Closes the connection.
TCP::collect <length>
    Causes TCP to start collecting the specified amount of content data.
TCP::payload replace <offset> <length> <data>
    Replaces collected payload with the given data.
TCP::release
    Causes TCP to resume processing the connection and to flush collected data.

Command Type: HTTP Header and Content Manipulation

HTTP::header [value] <name> <string>
    Sets the value of the named header. If the header is present, the command replaces the header; otherwise, the command adds the header. You can omit the <value> argument if the header name does not collide with any other values.
HTTP::header insert ["lws"] <name> <value>
    Inserts the named HTTP header and its value into the end of the HTTP request or response. If you specify "lws", the system adds linear white space to long header values.
HTTP::header insert ["lws"] {n1, v1, n2, v2, n3, v3, …}
    Passes a Tcl list to insert into a header. In such cases, the system treats the list as a list of name/value pairs. If you specify "lws", the system adds linear white space to long header values.
HTTP::header remove <name>
    Removes the last occurrence of the named header from the request or response.
HTTP::header replace <name> [<string>]
    Replaces the last occurrence of the named header with the string <string>. This command performs a header insertion if the header was not present.
HTTP::header sanitize <header name>+
    Removes all but the headers you specify. The exception to this is some essential HTTP headers.
HTTP::redirect <url>
    Redirects a HTTP request or response to the specified URL. Note that this command sends the response to the client immediately. Therefore, you cannot specify this command multiple times in an aFleX, nor can you specify any other commands that modify header or content, after you specify this command.
HTTP::request_num
    Returns the number of HTTP requests that a client made on the connection.
HTTP::respond <status code> [content <content Value>] [<Header name> <Header Value>]+
    This is a powerful API that allows users to generate or rewrite a client request or a server response. When the system runs the command on the client side, it sends the response to the client without any load balancing taking place. If the system runs the command on the server side, the content from the actual server is discarded and replaced with the information provided to this API. Note that because the system sends the response data immediately after this aFleX policy runs, we recommend that you not run any more aFleX policy after this API.

Command Type: HTTP Cookie Manipulation – for Request Messages

HTTP::cookie names
    Returns the names of all the cookies present in the HTTP header.
HTTP::cookie count
    Returns the number of cookies present in the HTTP header.
HTTP::cookie [value] <name> [string]
    Sets or gets the cookie value of the given name. You can omit the value of this command if the cookie name does not collide with any of the other commands.
HTTP::cookie version <name> [version]
    Sets or gets the version of the cookie.
HTTP::cookie path <name> [path]
    Sets or gets the cookie path.
HTTP::cookie domain <name> [domain]
    Sets or gets the cookie domain.
HTTP::cookie ports <name> [portlist]
    Sets or gets the cookie port lists for V1 cookies.
HTTP::cookie insert <name> <value> [path <path>] [domain <domain>] [version <0 | 1 | 2>]
    Adds or replaces a cookie. The default value for the version is 0.
HTTP::cookie remove <name>
    Removes a cookie.
HTTP::cookie sanitize [attribute]+
    Removes all but the specified attributes from the cookie.
HTTP::cookie exists <name>
    Returns a true value if the cookie exists.

Command Type: HTTP Cookie Manipulation – for Response Messages

HTTP::cookie names
    Returns the names of all the cookies present in the HTTP header.
HTTP::cookie count
    Returns the number of cookies present in the HTTP header.
HTTP::cookie [value] <name> [string]
    Sets or gets the cookie value of the given name. You can omit the value of this command if the cookie name does not collide with any of the other commands.
HTTP::cookie version <name> [version]
    Sets or gets the version of the cookie.
HTTP::cookie path <name> [path]
    Sets or gets the cookie path.
HTTP::cookie domain <name> [domain]
    Sets/Gets the cookie domain.
HTTP::cookie ports <name> [portlist]
    Sets/Gets the cookie port lists for Version 1 cookies.
HTTP::cookie insert <name> <value> [path] [domain] [version]
    Adds or replaces a cookie. The default value for the version is 0.
HTTP::cookie remove <name>
    Removes a cookie.
HTTP::cookie sanitize [attribute]+
    Removes from the cookie all but the attributes you specify.
HTTP::cookie exists <name>
    Returns a true value if the cookie exists.
HTTP::cookie maxage <name> [seconds]
    Sets or gets the max-age. Applies to Version 1 cookies only.
HTTP::cookie expires <name> [seconds] [absolute | relative]
    Sets or gets the expires attribute. The default number of seconds is relative, which is the number of seconds from the current time. If you specify the absolute argument, the seconds value represents number of seconds since the UNIX epoch (January 1, 1970). Applies to Version 0 cookies only.
HTTP::cookie comment <name> [comment]
    Sets or gets the cookie comment. Applicable only to Version 1 cookies.
HTTP::cookie secure <name> [enable | disable]
    Sets or gets the secure attribute.
HTTP::cookie commenturl <name> [commenturl]
    Sets or gets the comment URL. Applicable only to Version 1 cookies.
HTTP::cookie discard <name> [enable | disable]
    Sets or gets the discard attribute. Applicable only to Version 1 cookies.
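Response hardening with the HTTP header manipulation and response-cookie commands listed above, as an added example that is not taken from the A10 reference. It assumes the HTTP_RESPONSE event (not listed in this section), a virtual port that serves clients over SSL/TLS, and that Server and X-Powered-By are the headers to hide; all three are assumptions to adapt.

```tcl
# Added example (not from the A10 reference): strip software-disclosure
# headers and mark response cookies Secure.
# Assumptions: the HTTP_RESPONSE event, an SSL/TLS-terminating virtual port,
# and the two header names below.
when HTTP_RESPONSE {
    # HTTP::header remove deletes only the LAST occurrence of a header,
    # so a single call can leave earlier duplicates in place. Loop until
    # the header is gone; the guard bounds the loop at 16 iterations.
    foreach name {Server X-Powered-By} {
        set guard 0
        while { [HTTP::header exists $name] && $guard < 16 } {
            HTTP::header remove $name
            incr guard
        }
    }

    # Set the secure attribute on every cookie in the response so that
    # clients return it only over SSL/TLS connections.
    foreach cookie [HTTP::cookie names] {
        HTTP::cookie secure $cookie enable
    }
}
```

On a virtual port that also accepts cleartext HTTP, the secure attribute stops clients from sending those cookies back, so scope the policy to the SSL/TLS port only.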

Command Type: HTTP Requests

HTTP::request
    Returns a raw HTTP request.
HTTP::retry
    Resends an HTTP request to the server.

Command Type: Compression

COMPRESS::disable
    Disables compression for the current HTTP response.
COMPRESS::enable
    Enables compression for the current HTTP response.
COMPRESS::gzip
    Sets the compression level for HTTP compression.

Command Type: URI encode / decode

URI::decode
    Returns a decoded version of a given URI.
URI::encode
    Returns an encoded version of a given URI.

Command Type: URI Return path / basename

URI::basename <uri>
    Returns the basename portion of the given URI.
URI::path <uri>
    Returns the path portion of the given URI.

Command Type: DNS

DNS::additional [[insert | remove rr_obj] | clear]
    Returns, inserts, removes, or clears RRs from the Additional section.
DNS::answer [[insert | remove rr_obj] | clear]
    Returns, inserts, removes, or clears RRs from the Answer section.
DNS::authority [[insert | remove rr_obj] | clear]
    Returns, inserts, removes, or clears RRs from the Authority section.
DNS::header <id | qr | opcode | aa | tc | rd | ra | ad | cd | rcode | qdcount | ancount | nscount | arcount> [value]
    Gets or sets simple bits or byte fields.
DNS::len
    Returns the DNS packet message length.
DNS::query <target> <name> <type> [dnssec]
    Returns a tcl list of RR tcl objects lists, one for each section: Answer, Authority, and Additional.
DNS::question <name | type | class> [value]
    Gets or sets the question field value.
DNS::return
    Skips all further processing after tcl execution and sends the DNS packet in the opposite direction.

Command Type: DNS (cont.)

DNS::class <rr_obj> [value]
    Gets or sets the resource record class field.
DNS::cache <enable | disable>
    Enables or disables the DNS cache for the current DNS session.
DNS::cache update
    Updates the DNS cache with content changed through aFleX.
DNS::is_dnssec
    Checks the DNSSEC query or reply.
DNS::name <rr_obj> [value]
    Gets or sets the resource record name field (FQDN).
DNS::opt <do | udpsize | rcode | version> [value]
    Gets or sets the parameters of a DNS OPT record.
DNS::rdata <rr_obj> [value]
    Gets or sets the resource record rdata field.
DNS::rr <name> <type> <class> <ttl> <rdata...> | <string>>
    Creates a new resource record object with the specified attributes or as a complete string.
DNS::ttl <rr_obj> [value]
    Gets or sets the resource record TTL field.
DNS::type <rr_obj> [value]
    Gets or sets the resource record type field.

Command Type: SIP Header Query and Manipulation

SIP::call_id
    Returns the value of the Call-ID header in a SIP request.
SIP::header
    Returns the value of the “From” header in a SIP request.
SIP::header [<value>] “header-name” [<index>]
    Returns SIP header “header-name”. The <value> option specifies the header value. The <index> option indicates the header to act upon, in cases where there are multiple header levels. Without the <index> option, the first instance of the header is acted upon by the aFleX policy.
SIP::method
    Returns the type of the SIP request method.
SIP::respond code <"phrase" <"header-name" "header-value">>
    Sends back a response with the specified code, phrase, and header-name:header-value pair, if specified.
SIP::response code
    Gets the SIP response code.
SIP::response phrase
    Gets the response phrase.
SIP::response rewrite code <phrase>
    Rewrites the response code and phrase.
SIP::to
    Returns the value of the “To” header in the SIP request.
SIP::uri
    Returns the complete URI of the request.
SIP::via [<index>]
    Gets the information in the SIP “via” header. If you specify the <index>, only the information at the specified index level is returned.
SIP::via proto [<index>]
    Gets the protocol part of the SIP via at the specified index level. If you specify the <index>, only the information at the specified index level is returned.
SIP::via sent_by [<index>]
    Gets the sent_by part of the SIP via at the specified index level. If you specify the <index>, only the information at the specified index level is returned.

TABLE 4 aFleX Commands (Continued)

Command Type: SIP Header Query and Manipulation (cont.)

SIP::via received [<index>]
    Gets the received attribute of the SIP via at the specified index level.

SIP::via branch [<index>]
    Gets the branch attribute of the SIP via at the specified index level.

SIP::via maddr [<index>]
    Gets the maddr attribute of the SIP via at the specified index level.

SIP::via ttl [<index>]
    Gets the TTL attribute of the SIP via at the specified index level.

For the SIP::via commands, if you specify the <index>, only the information at the specified index level is returned.

Command Type: Policy-Based SLB Query

POLICY::bwlist id id <ip> [<bwlist_name>]
    Returns the group ID associated with an IP address in a black/white list.

Command Type: RAM Caching

CACHE::age
    Returns the age of a cached object. The age is the number of seconds the object has been in the cache.

CACHE::disable
    Disables caching for the current HTTP request.

CACHE::enable [<age>]
    Forces caching of an object.

CACHE::expire
    Forces a cached object to be revalidated from the server.

CACHE::headers
    Returns the HTTP headers of a cached object.

CACHE::hits
    Returns the number of cache hits for a cached object.

Command Type: Diameter load balancing

DIAMETER::app_id
    Returns the application ID in a Diameter message.

DIAMETER::avp <options>
    Reads, writes, or deletes AVPs.

DIAMETER::cmd_code [name]
    Returns the command code, or its name, of a Diameter message.

DIAMETER::length
    Returns the length of a Diameter message.

DIAMETER::version
    Returns the version of a Diameter message.

TABLE 4 aFleX Commands (Continued)

Command Type: RADIUS message load balancing

RADIUS::avp [<attr>]
    Returns RADIUS attribute-value pairs (AVPs).

RADIUS::code
    Returns the RADIUS message code.

RADIUS::id
    Returns the RADIUS message ID.

RADIUS::length
    Returns the RADIUS message length.

Command Type: SSL

SSL::cert <level>
    Returns SSL certificate with the specified level in the certificate chain. Level is 0-based.

SSL::cert count
    Returns the number of certificates in the certificate chain.

SSL::cert issuer <level>
    Returns the issuer of the certificate with the specified level.

SSL::cert mode <“request” | “require” | “ignore” | “auto”>
    Sets the certificate mode. This setting overrides the mode setting in the template. Only the client side is supported.

SSL::cipher {name | version | bits}
    Returns SSL cipher information.

SSL::disable [clientside | serverside]
    Disables SSL on either the client or server side.

SSL::enable [clientside | serverside]
    Enables SSL on either the client or server side.

SSL::mode
    Returns a 1 when SSL is enabled or a 0 when SSL is disabled.

SSL::session invalidate
    Disables reuse of the SSL Session ID for the client.

SSL::sessionid
    Returns the current SSL session ID.

SSL::sessionid
    Returns the current SSL session ID number.

SSL::template [clientside | serverside] <templatename>
    Applies an SSL template for specifically the client or server side.

SSL::verify_result [<result_code>]
    If <result_code> is not specified, returns the result code of the peer certificate verification. If <result_code> is specified, sets the result code.

TABLE 4 aFleX Commands (Continued)

Command Type: X.509

X509::extensions <X509 certificate>
    Returns the X.509 extensions set on the specified X.509 certificate.

X509::hash <X509 certificate>
    Returns the MD5 or SHA1 hash (fingerprint) of the specified X.509 certificate.

X509::issuer
    Returns the issuer of the X.509 certificate.

X509::not_valid_after
    Returns the not-valid-after date of an X.509 certificate.

X509::not_valid_before
    Returns the not-valid-before date of an X.509 certificate.

X509::serial_number
    Returns the serial number of an X.509 certificate.

X509::signature_algorithm <X509 certificate>
    Returns the signature algorithm of the specified X.509 certificate.

X509::subject
    Returns the subject of the certificate.

X509::subject_public_key <X509 certificate>
    Returns the subject’s public key of the specified X.509 certificate.

X509::subject_public_key_RSA_bits <X509 certificate>
    Returns the size of the subject’s public RSA key of an X.509 certificate.

X509::subject_public_key_type <X509 certificate>
    Returns the subject’s public key type of the specified X.509 certificate. The returned value can be RSA, DSA, or unknown.

X509::text
    Returns a certificate in human-readable (text) format.

X509::verify_cert_error_string
    Returns the error string for the specified error code, as an OpenSSL X509 error string.

HTTP::version
    Returns the version number of an X.509 certificate.

X509::whole <X509 certificate>
    Returns a certificate in human-readable (text) format.

Command Type: Deep packet inspection

domain
    Parses the string <string> as a dotted domain name and returns the last <count> portions of the domain name.

findstr
    Finds the string <search_string> within <string> and returns a sub-string based on the <skip_count> and <terminator> from the matched location.

getfield
    Splits a string on a character, and returns the string corresponding to the specific field.

substr
    Returns a sub-string <string> based on the values of <skip_count> and <terminator>.

TABLE 4 aFleX Commands (Continued)

Command Type: Financial Information eXchange (FIX) load balancing

FIX::begin_string
    Returns the value of the BeginString tag.

FIX::body_length
    Returns the value of the BodyLength tag.

FIX::msg_seq_num
    Returns the integer message sequence number.

FIX::msg_type
    Returns the value of the MsgType tag. The MsgType tag defines the message type, which is a string that is one or two characters in length. It is always the third field in the message and is always unencrypted.

FIX::sender_compid
    Returns the value of the SenderCompID tag.

FIX::sending_time
    Returns the value of the time of message transmission, always expressed in UTC time.

FIX::target_compid
    Returns the value of the TargetCompID tag.

Command Type: Database Load Balancing (DBLB)

DB::Command
    Gets a numeric value that represents the command number.

DB::Query
    Gets a string that holds the entire SQL query which was sent by the client.

Command Type: Template Commands

TEMPLATE::cache <setting>
    Returns the value for the specified <setting> in the assigned RAM cache template.

TEMPLATE::client_ssl <setting>
    Returns the value for the specified <setting> in the assigned client SSL template.

TEMPLATE::conn_reuse <setting>
    Returns the value for the specified <setting> in the assigned connection reuse template.

TEMPLATE::http <setting>
    Returns the value for the specified <setting> in the assigned HTTP template.

TEMPLATE::ssl <setting>
    Returns the value for the specified <setting> in the assigned server SSL template.

TEMPLATE::tcp <setting>
    Returns the value for the specified <setting> in the assigned TCP template.

TEMPLATE::udp <setting>
    Returns the value for the specified <setting> in the assigned UDP template.

TEMPLATE::exists type
    Determines if a template of the specified type is bound to a virtual server.

aFleX Script Editor

Overview

aFleX Script Editor is an application that enables you to easily create and edit aFleX scripts. aFleX Script Editor provides a separate programming environment for offline development of aFleX policies and is PC-based for easy support. The editor also retrieves existing aFleX scripts from an AX device as well as saves aFleX scripts back to the AX device after editing. aFleX Script Editor is supported only on Windows platform systems.

aFleX Script Editor also provides templates to quickly create new scripts. It features the following functions:

• Download
• Upload
• New
• Delete
• Save
• Import
• Export
• Reset

• Edit Functions
  • Cut, Copy, Paste, Delete, Select All, Auto Complete, Undo, Redo
• Search Functions
  • Find, Find Next, Find Previous, Replace, Go To Line
• View Functions
  • Line Numbers, Margin, Fold Margin, Indentation Guide, Word Wrap
  • White Space, End of Line, Bookmarks, Hot Spots
  • Status Bar, Output Window

FIGURE 4 aFleX Script Editor – new aFleX name field and template list

FIGURE 5 aFleX Script Editor – main editor screen

Installing and Starting aFleX Script Editor

aFleX Script Editor Installation

1. Copy the directory “aFleXEditor” from the A10 Thunder Series/AX Series Documentation CD to the “Program Files” directory on a Windows platform PC.
2. You can create a shortcut to aFleX Script Editor by dragging the existing shortcut from the copied folder to wherever you want the shortcut to be, for example to the taskbar or desktop.
3. Optionally, you can put the directory “aFleXEditor” wherever you like on any Windows system and modify the shortcut or create a new shortcut accordingly.

To start aFleX Script Editor: Click on the shortcut to start aFleX Script Editor.

aFleX Script Editor Features

Working with aFleX Script Editor, you can:

• Download aFleX scripts from the ACOS device.
• Save aFleX scripts to a local workstation.
• Edit scripts and upload them back onto the ACOS device.
• Create new aFleX scripts.
• Use aFleX Script Editor templates to simplify script creation.
• When you exit, the aFleX list in the Local Files frame is saved.

Below the menu and icons, the aFleX Script Editor window has the following main parts:

• Menu bar – to select menu-based aFleX Script Editor commands
• Icon bar – to select icon-based aFleX Script Editor commands
• Download Files (top-left frame) – to access aFleX files on an ACOS device
• Local Files (lower-left frame) – to access aFleX files on a workstation
• Editor (top-right frame) – panel in which to edit aFleX files
• Output (lower-right frame) – shows the status of file transfers and more
• Status bar (bottom bar) – shows the current aFleX Script Editor status

Editing aFleX Scripts – Getting Started

Create an aFleX Script

To begin using aFleX Script Editor to create an aFleX script, click the New icon or select File > New aFleX. (See Figure 6.) The aFleX Template window appears where you can select from a list of aFleX templates.

FIGURE 6 aFleX Script Editor – main editor screen

aFleX Templates

The aFleX Template window offers a list of aFleX templates. These templates offer pre-configured aFleX command modules required for typical ACOS applications and are named accordingly. With the addition of parameters for your specific ACOS application, an aFleX policy can be quickly constructed.

To use a template to create a new aFleX policy, enter a unique name into the name field of the aFleX Template window, select a template from the list below the name field, and click the OK button.

FIGURE 7 aFleX Script Editor – templates

To better understand templates, open one and look up its commands in the reference chapter: “Commands” on page 119.

Need a function not shown in the aFleX Templates? You can create a custom aFleX script. Enter a unique name for the new script, select the BLANK template, and then click OK. The new script is added to the Local Files list and is opened in the Editor frame. The new script will be empty because the BLANK template was selected. You can then begin scripting using the aFleX commands.

The rest of this chapter explains how to use the editor itself.

Connect to an AX Device – aFleX File Transfer

Use aFleX Script Editor’s Connect AX, File Download/Upload, or Import/Export options to transfer aFleX scripts between an AX device and the editor. You must enter the AX hostname or IP address, and admin username and password, to log onto the AX device.

FIGURE 8 Connection to the ACOS device

View aFleX Scripts

To view scripts in the aFleX Script Editor, use the File/Download function to access the file within the aFleX Script Editor.

FIGURE 9 Download aFleX policy from AX device

Downloaded files can be seen in the AX Files list. Click on a file name in the AX Files list to view its contents in the Editor frame.

FIGURE 10 Viewing an aFleX policy in the Editor frame

Menu Functions Overview

This section provides a list of all menu items. Detailed descriptions of the functions follow.

File Menu

The editor includes the following script handling functions in the File menu:
• Connect/Disconnect, Download, Upload, New aFleX, Delete aFleX, Save, Rename, Import aFleX, Export aFleX, Reset, Exit

Edit Menu
• Undo, Redo, Cut, Copy, Paste, Delete, Auto Complete, Select All

Search Menu
• Find, Find Next, Find Previous, Replace, Go To Line

View Menu
• Line Numbers, Margin, Fold Margin, Indentation Guides, White Space, End of Line, Word Wrap, Book Marks, Status Bar, Output Window

Options Menu
• Font, Set Text Color, Set Background Color, Set Keyword Color, Set Comment Color, Set Line Number Color, Last Setting

Help Menu
• About aFlex Editor

File Functions

Connect AX / Disconnect AX

If you select File > Connect AX, a window pops up and asks you to enter the hostname or IP address, and admin username and password. After you click OK, the connection status changes to “Connected” and all the aFleX policies on the AX device are automatically shown in the Download Files frame. After you are connected, the Connect menu option and button both change to “Disconnect”. From this point on, you can manipulate aFleX policies on the AX device.

If you select File > Disconnect or click the Disconnect button, all the aFleX policies previously shown in the Download Files frame disappear and the connection status is changed to “Disconnected”.

Download
File > Download

If you click Download and the AX device is disconnected, a window pops up to ask you to input the hostname or IP address, and username and password, to re-establish the connection to the AX. If the current status of the AX is “Connected”, no window will pop up. The file list in the Local Files frame is updated.

Upload
File > Upload

If you click Upload, the currently selected Local File is uploaded to the AX device and listed in the AX Files frame. If the AX device is disconnected, the Upload menu item is disabled.

New aFleX
File > New aFleX

Note: For information on aFleX scripts and commands, see the “Commands” on page 119.

Using an aFleX Template
• If you click the New icon, a window will pop up where you can select an aFleX Template. (See Figure 6 on page 67.) After you select a template, type the new aFleX policy name and click OK. The Local Files window generates the new file and opens it in the editor frame.

Using the BLANK aFleX Template
• You can also create aFleX scripts from the BLANK template. Enter a unique name for the new aFleX, select the BLANK template from the list of templates, then click OK. The new aFleX policy is added to the Local Files list and is opened in the editor frame.

Delete Rule
File > Delete Rule

If no aFleX file is currently selected, nothing is deleted. If an aFleX file is currently selected within the Local Files frame, the selected file is deleted from the local workstation. If an aFleX file is currently selected in the AX Files frame, the file will also be deleted from the Local Files. If the response message from the AX system indicates success, it is deleted from the AX file list, and the next item in the list is automatically selected.

Save
File > Save

If a currently selected aFleX file is located in the AX Files frame, it is saved to the AX device. If a currently selected aFleX file is located in the Local Files frame, it is saved to the local workstation.

Rename
File > Rename

If you click Rename, the currently selected aFleX file can be renamed. The new name should not be equal to the existing name shown in the aFleX Script Editor, or equal to the name of another file.

Import
File > Import

If you click Import, a window pops up where you can select a file and import it into the aFleX Script Editor. The Local Files frame adds the file and opens it in the Editor frame.

Export
File > Export

If you click Export, a window pops up where you can select a local path to which to export the currently selected file.

Reset
File > Reset

Restores the currently selected file to its state before user modifications. If the currently selected file is located in the AX Files frame, the Reset command resets it to the initial file state when last downloaded. If the currently selected file is located in the Local Files frame, it resets to the initial file state just generated through the New action.

Exit
File > Exit

If you click File > Exit, an alert window pops up.
• To exit aFleX Script Editor, click Yes.
• To continue working in aFleX Script Editor, click No.

Edit Menu Functions

Undo / Redo
Edit > Undo / Redo

The Undo and Redo actions are for undo or redo of changes to text, if the cursor is active within the Editor frame. Standard Windows keyboard shortcuts can also be used for these commands.

Cut / Copy / Paste / Delete
Edit > Cut / Copy / Paste / Delete

The Cut, Copy, Paste, and Delete commands are for modifying text, if the cursor is active within the Editor frame. Standard Windows keyboard shortcuts can also be used for these commands.

Select All
Edit > Select All

Select Edit > Select All or Ctrl+A to select all text in the Editor frame.

Search Menu Functions

Find / Find Next / Find Previous
Search > Find / Find Next / Find Previous

If you select Search > Find or press Ctrl+F, a Find window pops up. You can type a string of up to 250 characters in the Find what field. Click the Find or Mark All button:
• If the term can be found in the text, it will be highlighted. The Find window will close.
• If the term cannot be found, an alert window will pop up.

If you want to find the next occurrence of the string, press F3. To find the previous occurrence of the string, press Shift+F3.

FIGURE 11 Search > Find

Replace
Search > Replace

If you select Search > Replace, the Search and Replace window pops up. In the Search for field, type the string you want to replace. In the Replace with field, type the new string. You can click the Next match or the Previous match button to locate another occurrence of the string to be replaced.

Click either Replace or Replace All.
• If the string is found, it will be highlighted.
• If the term cannot be found, an alert indicates that no match could be found.

FIGURE 12 Search > Replace

Replace options include:
• Match case – searches for text in case-sensitive mode.
• Match whole word – does not find words where the search string is only part of the word.
• Regular expressions – searches for regular expressions (regex) entered into the Search for field.
• Replace in selection only – select search text before starting; replaces only within the selection.

Go to Line
Search > Go To Line

If you select Go To Line, a window pops up where you can type a line number into the Go To Line field. Click OK to navigate to that line in the currently open file.

FIGURE 13 Search > Go To Line

View Menu Functions

View Line Number
View > Line Number

Use this menu command to display or hide Line Numbers in the editor.

View Margin
View > Margin

Use this menu command to display or hide the Editor frame Margin between the Editor frame’s Line Numbers column and its Fold Margin column.

View Fold Margin
View > Fold Margin

Use this menu command to display or hide the Fold Margin where the +/- symbols can be used to expand and collapse aFleX events.

View Indentation Guides
View > Indentation Guides

Use this menu command to display or hide the Indentation Guides.

View Word Wrap
View > Word Wrap

This menu command enables/disables word wrap in the Editor frame.

View White Space
View > White Space

This menu command enables/disables marking of white space in the Editor frame.

View End of Line
View > End of Line

This menu command enables/disables display of End of Line (LF and CRLF) markers in the Editor frame.

View Book Marks
View > Book Marks

This menu command enables/disables bookmarks in the Editor frame. The bookmarks can be displayed only when you update an aFleX policy on the AX device. If an aFleX policy has a syntax error or definition error, the bookmarks indicate the line that contains the error.

View Status Bar
View > Status Bar

This menu command enables/disables display of the Editor frame’s status bar.

View Output Window
View > Output Window

This menu command enables/disables display of the Output frame.

Options Menu Functions

Font
Options > Font

This menu command is used to set the font style for the Editor frame text.

Set Text Color
Options > Set Text Color

This menu command is used to set the Editor frame’s font color for the main text.

Set Background Color
Options > Set Background Color

This menu command is used to set the Editor frame’s color for the background.

Set Keyword Color
Options > Set Keyword Color

This menu command is used to set the Editor frame’s font color for keyword text.

Set Comment Color
Options > Set Comment Color

This menu command is used to set the Editor frame’s font color for comment text.

Set Line Number Color
Options > Set Line Number Color

This menu command is used to set the Editor frame’s font color for the line numbers.

My Last Setting
Options > My Last Setting

This menu command restores your last setting from your previous session.

Help Menu Functions

About aFleX Editor
Help > About aFleX Editor

This command displays the aFleX Script Editor version and contact information.

Other aFleX Script Editor Functions

Drag and Drop File Function

You can drag-and-drop files between the AX Files frame and the Local Files frame to upload and download.

Download
Dragging a file from the AX Files frame to the Local Files frame is equivalent to using the download command to copy a file from the AX device to the local workstation.

Upload
Dragging a file from the Local Files frame to the AX Files frame is equivalent to using the upload command to copy a file to the AX device from the local workstation.

Status Window

When you perform an action such as Download, Upload, Delete, or Reset, the status bar displays a status message to indicate the result of that action.

aFleX 2. No. see “aFleX Script Editor” on page 63.7. 2. For information about using the aFleX Script Editor. You can create the aFleX policy using the aFleX Script Editor. or rebind it afterward. the GUI. Note: These scripts are intended for educational purposes to assist new users. 3. For more information.0.A10 Thunder Series and AX Series – aFleX Reference Applying aFleX Scripts To Virtual Ports Applying aFleX Scripts To Virtual Ports To use an aFleX policy: 1. The ACOS device automatically updates the configuration everywhere the renamed script is used. Customer Driven Innovation Doc. ACOS 2.1 7/2/2013 81 of 304 . You can use aFleX Script Editor.: D-030-01-00-0007 . A10 Networks does not guarantee the sample scripts will work in all contexts and is not liable for damages that result from the misapplication of pre-loaded aFleX scripts. or using a text editor on a PC. Note: Beginning with this release.0. Create the aFleX policy.7. Pre-Loaded aFleX Scripts Beginning with AX Release 2. Bind the aFleX policy to one or more virtual ports. Import the aFleX policy onto the ACOS device. by typing it into a GUI tab or CLI session. You can bind the aFleX policy to a virtual port using the GUI or CLI. or the CLI to import the aFleX policy. you do not need to unbind an aFleX script before renaming it. see “aFleX Script Rename” on page 32. This allows you to immediately apply aFleX scripts and build from the provided code. sample aFleX scripts are pre-loaded onto the ACOS device. The following sections show examples for the CLI and GUI.

See Table 5 for a list of pre-loaded aFleX scripts.

TABLE 5 Pre-Loaded aFleX Scripts

host_switching
    This aFleX example illustrates the use of Tcl associative arrays to implement host switching.

http_payload_replace
    Collects the HTTP response and then replaces all instances of the pattern “http://” in the payload with “https://”.

logging_clients
    Logs Client/Server IP/Port information for security when using Source NAT.

redirect1
    Redirects HTTP requests to an HTTPS URL.

redirect2
    Uses HTTP::respond to do a redirect with a cookie set.

redirect_rewrite
    Rewrites relative and absolute redirects to absolute HTTPS redirects.

Using the CLI—Using an Imported aFleX Script

1. On a PC that supports TFTP, FTP, SCP, SFTP, or RCP, use any text editor to create an aFleX script and save it locally. Use extension “.afx” at the end of the file name. Example: /aflex/test.afx
2. On the ACOS device, use the CLI command import aflex to import the aFleX policy file onto the ACOS device.
3. Use the following command at the configuration level for the virtual port to bind the aFleX script to the virtual port:

    aflex aflex-name

You can specify one script with the command. Repeat the command for each additional script to add. The scripts will be processed in the order you add them, starting with the first script you add. To re-order the scripts, do either of the following:

• Use the GUI. (See “Using the GUI” on page 89.)
• In the CLI, use the no aflex aflex-name command to remove the scripts from the virtual port, then re-add them in the correct order.

CLI Example

This example shows how to import an aFleX policy onto the ACOS device and bind it to a virtual port. For this example, the following aFleX policy is imported:

    when RULE_INIT {
        array set ::SG_ARRAY [list "youtube.com" "sg1" "google.com" "sg2" "zynga.com" "sg2"]
    }
    when HTTP_REQUEST {
        set host [HTTP::host]
        if { [info exists ::SG_ARRAY($host)] } {
            log "host $host -> pool $::SG_ARRAY($host)"
            pool $::SG_ARRAY($host)
        }
    }

1. Log onto the ACOS device through the CLI, with an admin account that has read-write privileges. A CLI prompt appears:

    ACOS>

Note: See the A10 Thunder Series and AX Series CLI Reference if you need information on using the CLI.

2. Access the Privileged EXEC mode:

    ACOS>enable
    Password:***
    ACOS#

3. Access the configuration mode:

    ACOS#config
    ACOS(config)#

4. Configure nodes (real servers and server ports):

    ACOS(config)#slb server node100 10.9.10.100
    ACOS(config-real server)#port 80 tcp
    ACOS(config-real server-node port)#no health-check
    ACOS(config-real server-node port)#exit
    ACOS(config-real server)#exit
    ACOS(config)#slb server node101 10.9.10.101
    ACOS(config-real server)#port 80 tcp
    ACOS(config-real server-node port)#no health-check
    ACOS(config-real server-node port)#exit
    ACOS(config-real server)#exit
    ACOS(config)#slb server node102 10.9.10.102
    ACOS(config-real server)#port 80 tcp
    ACOS(config-real server-node port)#no health-check
    ACOS(config-real server-node port)#exit
    ACOS(config-real server)#exit
    ACOS(config)#slb server node103 10.9.10.103
    ACOS(config-real server)#port 80 tcp
    ACOS(config-real server-node port)#no health-check
    ACOS(config-real server-node port)#exit
    ACOS(config-real server)#exit
    ACOS(config)#

5. Configure service groups:

    ACOS(config)#slb service-group http-sg1 tcp
    ACOS(config-slb service group)#member node100:80
    ACOS(config-slb service group)#member node101:80
    ACOS(config-slb service group)#exit
    ACOS(config)#slb service-group http-sg2 tcp
    ACOS(config-slb service group)#member node102:80
    ACOS(config-slb service group)#member node103:80
    ACOS(config-slb service group)#exit
    ACOS(config)#

6. Use the import command to import the aFleX policy (“test.afx”) onto the ACOS device and rename it “my_aflex”:

    ACOS(config)#import aflex my_aflex scp://192.168.1.118/aflex/host_switching.afx
    User name []?***
    Password []?***
    Importing ... Done.
    ACOS(config)#

While importing the aFleX policy, the ACOS device checks for syntax errors. If any syntax errors are found, error messages are displayed. You can modify an aFleX policy and import it again until it passes the syntax check.

7. Use the show aflex command to list the aFleX policies imported onto the ACOS device:

    ACOS(config)#show aflex
    Total aFleX number: 1
    Max aFlex file size: 32K
    Name          Syntax   Virtual port
    ------------------------------------------------------------
    my_aflex      Check    No

8. To display the aFleX policy, use the show aflex aflex-name command:

    ACOS(config)#show aflex my_aflex
    when RULE_INIT {
        array set ::SG_ARRAY [list "youtube.com" "sg1" "google.com" "sg2" "zynga.com" "sg2"]
    }
    when HTTP_REQUEST {
        set host [HTTP::host]
        if { [info exists ::SG_ARRAY($host)] } {
            log "host $host -> pool $::SG_ARRAY($host)"
            pool $::SG_ARRAY($host)
        }
    }

9. Configure a virtual server and bind the aFleX policy to a virtual port on the virtual server:

    ACOS(config)#slb virtual-server v30 10.10.10.30
    ACOS(config-slb virtual server)#port 80 http
    ACOS(config-slb virtual server-slb virtua...)#aflex my_aflex
    ACOS(config-slb virtual server-slb virtua...)#exit
    ACOS(config-slb virtual server)#exit
    ACOS(config)#

10. Show the aFleX policy list again to verify that the aFleX policy is now bound to a virtual port:

    ACOS(config)#show aflex
    Total aFleX number: 1
    Max aFlex file size: 32K
    Name          Syntax   Virtual port
    ------------------------------------------------------------
    my_aflex      Check    Yes

9.10..6. Note: 86 of 304 Regardless of how an aFleX script is added to the ACOS device.7.10..: D-030-01-00-0007 .101 port 80 tcp health-check no slb server node102 10.100 port 80 tcp health-check no slb server node101 10.9. This feature is especially useful for quickly typing or copy-and-pasting short aFleX scripts.103 port 80 tcp health-check no ! slb service-group http-sg1 tcp member node100:80 member node101:80 slb service-group http-sg2 tcp member node102:80 member node103:80 ! slb virtual-server v30 10. the script does not take effect until you apply it to a virtual port. you can create aFleX policies using the CLI.9.8. ACOS(config)# Using the CLI—Creating an aFleX Script in the CLI Beginning in AX Release 2. Show the running-config: ACOS(config)#show running-config . ACOS 2.aFleX 2.1 7/2/2013 .1. Customer Driven Innovation Doc..0..10.10.102 port 80 tcp health-check no slb server node103 10.9. No. slb server node100 10.A10 Thunder Series and AX Series – aFleX Reference Applying aFleX Scripts To Virtual Ports 11.10.30 port 80 http aflex my_aflex ! .

aFleX Configuration
To configure an aFleX policy using the CLI:
1. Enter the following command at the global configuration level of the CLI:
aflex create aflex-name
The CLI enters the input mode for the script text.
2. Type or copy-and-paste the script. If you type the script, use the Enter key at the end of each line.
3. To complete the input process, type “.” (period) on a separate line and press Enter.
Note: You do not need to save the configuration (write memory) to save the aFleX script. The script is automatically added to a persistent data folder and remains available across reboots.

Syntax Check
After you finish entering the script text, the CLI performs a syntax check and displays one of the following messages:
• aFleX aflex-name created; syntax check passed. – Indicates the syntax is valid.
• aFleX aflex-name created; syntax check failed. – Indicates the syntax is not valid. In this case, see “Troubleshooting aFleX Syntax Errors” on page 88.
• This aFleX already exists. – Indicates that another aFleX script with the same name is already on the ACOS device. The same name can be used in different Role-Based Administration (RBA) partitions but must be unique within a given partition.

Cancelling the aFleX Input Session
To cancel an aFleX script input session before you finish entering the script text, use Ctrl+C. In this case, none of the script is saved.


CLI Example
The following commands create an aFleX script named “test”:
AX(config)#aflex create test
Type in your aFleX script (type . on a line by itself when done)
when CLIENT_ACCEPTED {
    if {[IP::addr [IP::client_addr] equals 192.168.217.11/24]} {
        node 10.10.10.30 80
    }
}
.
aFleX test created; syntax check passed.
AX(config)#

The following command verifies the script information:
AX(config)#show aflex test
Name: test
Syntax: Check
Virtual port: No

Content:
when CLIENT_ACCEPTED {
if {[IP::addr [IP::client_addr] equals 192.168.217.11/24]} {
node 10.10.10.30 80
}
}

The following commands apply the aFleX script to a virtual port:
ACOS(config)#slb virtual-server vip1 10.10.10.100
ACOS(config-slb virtual server)#port 80 http
ACOS(config-slb virtual server-slb virtua...)#aflex test

Troubleshooting aFleX Syntax Errors
After you finish entering the text for an aFleX script, the CLI automatically
performs a syntax check. If the check fails, the following message is displayed:
aFleX aflex-name created; syntax check failed.
In this case, you can fix the script in either of the following ways.

USING THE CLI
1. At the global configuration level, use the aflex check aflex-name command to display syntax error information.
2. Use the aflex delete aflex-name command to delete the script.
3. Use the aflex create aflex-name command to reenter the script. (See
“aFleX Configuration” on page 87.)

USING THE GUI
Use the GUI to display and edit the script:
1. Select Config Mode > Service > aFleX. The aFleX script table appears.
2. Click on the aFleX name to display the configuration page for the script.
3. Edit the script text.
4. Click OK.
5. The aFleX script table reappears. If the script still contains syntax errors,
the errors are displayed above the table.

Using the GUI
1. Select Config Mode > Service > aFleX
The aFleX tab appears. (See Figure 14.)

2. Enter a name for the aFleX policy in the Name field.
3. Enter the aFleX policy text into the Definition field.
4. Click OK to save the aFleX policy.
Note: You can click on the name of an existing aFleX policy to edit it in the GUI. You can delete an existing aFleX policy by selecting the checkbox located on the left of its name, then clicking the Delete button.
5. To bind the aFleX policy to a virtual port:
a. Access the configuration settings for the virtual port. You can access them in either of the following ways:
• Select Config Mode > Service > SLB > Virtual Server, click on the virtual server name, select the checkbox next to the port, and click Edit. (See Figure 15.)
• Select Config Mode > Service > SLB > Virtual Service, and click on the virtual port name.
b. Next to the aFleX drop-down list, select the Multiple checkbox.
c. Select an aFleX script from the drop-down list and click Add.
d. Repeat for the other scripts to add to the virtual port.
e. The scripts will be processed in the order listed, starting with the script at the top. To move a script up or down, click on the script name, then click Move up or Move down.
f. Click OK.

FIGURE 14 Config Mode > Service > aFleX > New

FIGURE 15 Config Mode > Service > SLB > Virtual Server > Port

Events
The following chapter describes the aFleX events.

Global Events
RULE_INIT
Initializes global system variables. Within an aFleX policy, the RULE_INIT
event can initialize a system variable on a global basis for all aFleX policies,
or exclusively for that particular aFleX policy.
The prefix placed before RULE_INIT specifies whether to initialize the
variable for all aFleX policies, or only the current aFleX policy.
Prefix       Scope
::           Applies only to the current aFleX policy. This variable cannot be set or read by any other aFleX policies. Once the variable is defined, it can be removed only by an unset command.
::global::   Applies to all aFleX policies. This variable can be set or read by all aFleX policies on the ACOS device.

Notes:
• Unbinding an aFleX policy will not remove the variable.
• In the current release, it is recommended to avoid using the unset command to unset global variables. Doing so may cause a problem.

Example:
when RULE_INIT {
    # define per-aFleX global variable ::request_count
    # This variable is to count the # of HTTP_REQUEST hits by this aFleX policy
    set ::request_count 0
    # define per-system global variable ::global::ax_request_count
    # This variable is to count the total number of HTTP_REQUEST hits
    # in the ACOS system
    set ::global::ax_request_count 0
}
when HTTP_REQUEST {
    incr ::request_count
    incr ::global::ax_request_count
}

LB_FAILED
This Event is triggered when the ACOS device can not select a node for the incoming request, for example, if all nodes in the pool are down or all their connection limits have been reached.
Example:
when LB_FAILED {
    pool errorPool
}
Related Information
Available Commands: LB::reselect, LB::server

LB_SELECTED
Triggered when the system selects a pool member.
Example:
when LB_SELECTED {
    if { [IP::addr [IP::remote_addr] equals "10.0.0.1"] } {
        snat VIPsnat
    }
}

Related Information
Available Commands: IP::local_addr, LB::reselect, LB::server

HTTP Events
HTTP_REQUEST
Triggered when the system fully parses a complete client request header (that is, the method, URI, version, and all headers, not including the body).
Example: If a client request URI contains the string "secure", redirect the client to HTTPS.
when HTTP_REQUEST {
    if { [HTTP::uri] contains "secure" } {
        HTTP::redirect "https://[HTTP::host][HTTP::uri]"
    }
}
Example: If a client request URI contains the string "Webdir", use service group app-pool. If the request URI contains the string "Docdir", use service group doc-pool.
when HTTP_REQUEST {
    if { [HTTP::uri] contains "Webdir" } {
        pool app-pool
    } elseif { [HTTP::uri] contains "Docdir" } {
        pool doc-pool
    }
}
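The HTTPS redirect example above builds its Location from the request's Host header, which the client supplies. The following hardened variant is an added illustration, not A10's code: the allow-list name ::REDIRECT_HOSTS, its hostnames and the "/secure" path prefix are constructed assumptions.

```tcl
when RULE_INIT {
    # Constructed allow-list of hostnames this virtual port serves (assumption).
    array set ::REDIRECT_HOSTS [list "www.example.com" 1 "shop.example.com" 1]
}

when HTTP_REQUEST {
    # starts_with limits the match to the path prefix; "contains" would also
    # fire on a query string such as /index.html?next=secure
    if { [HTTP::uri] starts_with "/secure" } {
        # Drop any ":port" suffix and normalise case before the lookup.
        set host [string tolower [lindex [split [HTTP::host] ":"] 0]]
        if { [info exists ::REDIRECT_HOSTS($host)] } {
            # Redirect only to a name taken from the allow-list.
            HTTP::redirect "https://$host[HTTP::uri]"
        } else {
            # Unknown or missing Host header: answer locally, never echo it back.
            log "redirect refused for client [IP::client_addr]: Host not in allow-list"
            HTTP::respond 400 content "Bad Request"
        }
    }
}
```

An IPv6 literal or empty Host value fails the lookup and receives the 400 response, so the rule fails closed.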

Related Information
Available Commands: HTTP::cookie, HTTP::disable, HTTP::fallback, HTTP::header, HTTP::host, HTTP::is_keepalive, HTTP::is_redirect, HTTP::method, HTTP::path, HTTP::query, HTTP::redirect, HTTP::release, HTTP::request, HTTP::request_num, HTTP::respond, HTTP::uri, HTTP::version, pool, snat, URI::basename, URI::compare, URI::decode, URI::encode, URI::host, URI::path, URI::port, URI::protocol, URI::query

HTTP_REQUEST_DATA
Triggered whenever an HTTP::collect command finishes processing, after collecting the requested amount of request data.
Example:
when HTTP_REQUEST_DATA {
    set rpc_id [findstr [HTTP::payload] "Authorization:" 14 20]
    persist uie $rpc_id
    log local0. "WE RECORDED $rpc_id AS THE PERSIST VARIABLE"
    HTTP::release
}
Related Information
Available Commands: HTTP::fallback, HTTP::host, HTTP::is_keepalive, HTTP::is_redirect, HTTP::method, HTTP::path, HTTP::payload, HTTP::query, HTTP::redirect, HTTP::release, HTTP::request, HTTP::request_num, HTTP::respond, HTTP::uri, HTTP::version

HTTP_REQUEST_SEND
Triggered immediately before a request is sent to a server. This is a serverside event.
Example:
when HTTP_REQUEST_SEND {
    TCP::collect 12
}
Related Information
Available Commands: HTTP::header, HTTP::payload, IP::local_addr, IP::server_addr

HTTP_RESPONSE
Triggered when the system parses all of the response status and header lines from the server response.
Note: HTTP_RESPONSE is specific to a SERVER response passing through the load balancer, and is not triggered for locally-generated responses.
Example:
when HTTP_RESPONSE {
    if { [HTTP::status] contains "404" } {
        HTTP::redirect "http://www.siterequest.com/"
    }
}
Related Information
Available Commands: HTTP::cookie, HTTP::header, HTTP::host, HTTP::is_keepalive, HTTP::is_redirect, HTTP::payload, HTTP::redirect, HTTP::release, HTTP::request_num, HTTP::respond, HTTP::retry, HTTP::status, HTTP::version, IP::local_addr, IP::server_addr, URI::query

HTTP_RESPONSE_CONTINUE
Triggered whenever the system receives a 100 Continue response from the server.
Example:
when HTTP_RESPONSE_CONTINUE {
    if { [HTTP::version] != 1.1 } {
        log "Buggy server: sent 100-Continue to non-1.1 client!"
    }
}

HTTP_RESPONSE_DATA
Triggered whenever an HTTP::collect command finishes processing on the server side of a connection, after collecting the requested amount of response data. Also triggered if the server closes the connection before the HTTP::collect command finishes processing.
Example:
when HTTP_RESPONSE_DATA {
    # length of the collected payload, used as the replace range below
    set clen [HTTP::payload length]
    regsub "oursite" [HTTP::payload] "oursitedev" fixeddata
    log "Replacing payload with fixed data."
    HTTP::payload replace 0 $clen $fixeddata
    HTTP::release
}
Example:
when HTTP_RESPONSE {
    HTTP::collect [HTTP::header Content-Length]
}
when HTTP_RESPONSE_DATA {
    set clen [HTTP::payload length]
    set newdata "Sorry. This website is temporarily unavailable."
    HTTP::payload replace 0 $clen $newdata
    HTTP::respond 200 content [HTTP::payload]
}
Related Information
Available Commands: HTTP::is_keepalive, HTTP::is_redirect, HTTP::redirect, HTTP::release, HTTP::request_num, HTTP::respond, HTTP::retry, HTTP::status, HTTP::version

IP, TCP, and UDP Events
CLIENT_ACCEPTED
Triggered when a client has established a connection.
Note: For TCP, the CLIENT_ACCEPTED event is triggered as follows:
• For L4, without syn-cookie, and L7, it is triggered when a TCP handshake is completed.
• For L4 with syn-cookie, it is triggered on the first packet.
Note: For UDP (and only UDP), the CLIENT_ACCEPTED event is triggered on the first UDP packet received.
Example:
when CLIENT_ACCEPTED {
    set curtime [TIME::clock seconds]
    set formattedtime [clock format $curtime -format {%H:%S} ]
    log "the time is: $formattedtime"
}
Example:
when CLIENT_ACCEPTED {
    if { [IP::addr [client_addr] == 192.168.217.0/24] } {
        discard
        log "discard client from 192.168.217.0/24 "
    }
}
Related Information
Available Commands: IP::client_addr, IP::local_addr, IP::protocol, IP::remote_addr, IP::server_addr, IP::tos, pool, serverside, TCP::collect

CLIENT_CLOSED
Triggered at the end of any client connection, regardless of protocol.
Example:
when CLIENT_CLOSED {
    if { [info exists ::active_clients($client_ip)] } {
        incr ::active_clients($client_ip) -1
        if { $::active_clients($client_ip) <= 0 } {
            unset ::active_clients($client_ip)
        }
    }
}
Related Information
Available Commands: IP::local_addr

CLIENT_DATA
Triggered when new data is received from the client while the connection is in a collect state.
Note: For UDP (and only UDP), the CLIENT_DATA event is automatically triggered for each UDP packet received.
Example:
when CLIENT_DATA {
    if { [UDP::payload 50] contains "XYZ" } {
        pool xyz_servers
    }
}
Example: If a DNS request contains "abc", select service group abc-dns. If the request contains "xyz", select service group xyz-dns.
when CLIENT_DATA {
    log "UDP::payload 12 12 = [UDP::payload 12 12]"
    if { [UDP::payload 12 12] contains "abc" } {
        pool abc-dns
        log " select pool abc-dns"
    } elseif { [UDP::payload 12 12] contains "xyz" } {
        pool xyz-dns
        log " select pool xyz-dns"
    }
}
Related Information
Available Commands: pool

SERVER_CLOSED
Triggered when the server-side connection closes.
Example:
when SERVER_CLOSED {
    log local0. "Server [IP::server_addr] has closed the connection"
}
Related Information
Available Commands: IP::local_addr, IP::server_addr

SERVER_CONNECTED
Triggered when a connection has been established with the target node.
Example:
when CLIENT_ACCEPTED {
    set vip "[IP::local_addr]:[TCP::local_port]"
}
when SERVER_CONNECTED {
    set client "[IP::client_addr]:[TCP::client_port]"
    set node "[IP::server_addr]:[TCP::server_port]"
}
when CLIENT_CLOSED {
    # log connection info
    log local0.info "Client $client -> VIP: $vip -> Node: $node"
}
Related Information
Available Commands: IP::local_addr, IP::server_addr, pool, snatpool

SERVER_DATA
Triggered when new data is received from the target node while the connection is in a hold state.
Note: For UDP, the SERVER_DATA event is triggered for every packet. For TCP, you need to issue a TCP::collect.
Example:
when SERVER_DATA {
    set payload [TCP::payload]
}
Related Information
Available Commands: AES::encrypt, AES::decrypt, AES::key, RADIUS::avp, RADIUS::code, RADIUS::id, RADIUS::length, TCP::payload, TCP::respond, UDP::client_port, UDP::local_port, UDP::payload, UDP::remote_port, UDP::respond, UDP::server_port, whereis

RAM Caching Events
CACHE_REQUEST
Triggered when a VIP receives a request for a cached object.
Example:
when CACHE_REQUEST {
    if { [CACHE::age] > 60 } {
        CACHE::expire
        log local0. "Expiring content: Age > 60 seconds"
    }
}
Related Information
Available Commands: CACHE::age, CACHE::disable, CACHE::expire, CACHE::hits

CACHE_RESPONSE
Triggered immediately prior to sending a cache response.
Example:
when CACHE_RESPONSE {
    if { $::expired == 1 } {
        CACHE::expire
        log "cache expire"
        set ::expired 0
    }
}
Related Information
Available Commands: CACHE::age, CACHE::disable, CACHE::expire, CACHE::hits

DNS::name. Example: when DNS_RESPONSE { set len [DNS::len] log “dns query pkt len = $len” } Related Information Available Commands: DNS::len.0. DNS::additional.: D-030-01-00-0007 . DNS::name. DNS::type. DNS::class. DNS::answer. DNS::rr. DNS::additional. DNS::query 104 of 304 Customer Driven Innovation Doc. DNS::return. DNS::rdata. DNS::ttl. DNS::query DNS_RESPONSE Triggered when the DNS reply packet arrives. DNS::return. DNS::header.1 7/2/2013 . DNS::rdata. Example: when DNS_REQUEST { set len [DNS::len] log “dns query pkt len = $len” } Related Information Available Commands: DNS::len. DNS::class.aFleX 2. DNS::ttl. DNS::question. DNS::question. DNS::authority. DNS::answer. DNS::rr. No.7. DNS_REQUEST Triggered when the DNS request packet arrives. DNS::authority. DNS::type. ACOS 2.A10 Thunder Series and AX Series – aFleX Reference Events - DNS Events DNS-related operations use the following events. DNS::header.

FIX::target_compid.7. FIX::msg_type. No.A10 Thunder Series and AX Series – aFleX Reference Events - FIX Events Financial Information eXchange (FIX) load balancing uses the following events.1 7/2/2013 105 of 304 . FIX::sending_time FIX_RESPONSE Triggered when the system receives a FIX response. Example: when FIX_REQUEST { if { [FIX::sender_compid] eq “CLIENT1”} { pool sg2 } } Related Information Available Commands: FIX::begin_string. ACOS 2.: D-030-01-00-0007 . FIX::sender_compid. FIX::msg_type. FIX::sending_time Customer Driven Innovation Doc. FIX::sender_compid. FIX::msg_seq_num.aFleX 2. FIX::body_length. FIX::msg_seq_num.0. FIX_REQUEST Triggered when the system receives a FIX request. Example: when FIX_RESPONSE { log “[FIX::sender_compid] -> [FIX::target_compid]” } Related Information Available Commands: FIX::begin_string. FIX::body_length. FIX::target_compid.

Diameter Load Balancing Events
Diameter load balancing uses the following events.

DIAMETER_REQUEST
Triggered when the system fully parses a complete Diameter request message.
Example:
when DIAMETER_REQUEST {
    log "DIAMETER::cmd_code = [DIAMETER::cmd_code]"
}
Related Information
Available Commands: DIAMETER::app_id, DIAMETER::avp, DIAMETER::cmd_code, DIAMETER::length, DIAMETER::version, pool

DIAMETER_ANSWER
Triggered when the system fully parses a complete Diameter answer message.
Example:
when DIAMETER_ANSWER {
    log "DIAMETER::cmd_code = [DIAMETER::cmd_code]"
}
Related Information
Available Commands: DIAMETER::app_id, DIAMETER::avp, DIAMETER::cmd_code, DIAMETER::length, DIAMETER::version, pool

DIAMETER_REQUEST_SEND
Triggered immediately before a Diameter request is sent by the ACOS device.
Example:
when DIAMETER_REQUEST_SEND {
    log "DIAMETER::cmd_code = [DIAMETER::cmd_code]"
}
Related Information
Available Commands: DIAMETER::app_id, DIAMETER::avp, DIAMETER::cmd_code, DIAMETER::length, DIAMETER::version

DIAMETER_ANSWER_SEND
Triggered immediately before a Diameter answer is sent.
Example:
when DIAMETER_ANSWER_SEND {
    log "DIAMETER::cmd_code = [DIAMETER::cmd_code]"
}
Related Information
Available Commands: DIAMETER::app_id, DIAMETER::avp, DIAMETER::cmd_code, DIAMETER::length, DIAMETER::version

SSL Events
CLIENTSSL_CLIENTCERT
Triggered when the ACOS device receives an SSL client certificate.
Example:
when CLIENTSSL_CLIENTCERT {
    set cert [SSL::cert 0]
    set subject [X509::subject $cert]
}
Related Information
Available Commands: SSL::cert, SSL::sessionid, SSL::verify_result, X509::subject, X509::verify_cert_error_string

CLIENTSSL_HANDSHAKE
Triggered when an SSL handshake on the client side is completed.
Example:
when CLIENTSSL_HANDSHAKE {
    set cert [SSL::cert 0]
    set subject [X509::subject $cert]
}
Related Information
Available Commands: SSL::cert, SSL::sessionid, SSL::verify_result, X509::subject, X509::verify_cert_error_string

SERVERSSL_HANDSHAKE
Triggered when an SSL handshake on the server side is completed.
Note: The new SSL commands for ACOS 2.7.1 are supported for the SERVERSSL_HANDSHAKE event only.

Example:
when SERVERSSL_HANDSHAKE {
    set cert [SSL::cert 0]
    set subject [X509::subject $cert]
}
Valid Commands
SSL::cert, SSL::sessionid, SSL::verify_result, X509::subject, X509::verify_cert_error_string
Required Release: ACOS 2.7.1 or higher

SIP Events
Beginning with AX Release 2.7.0, Session Initiation Protocol (SIP) events are supported for the following:
• SIP – Session Initiation Protocol over UDP
• SIP-TCP – SIP over TCP
• SIPS – Secure SIP over TLS
Note: For previous releases, only SIP over UDP is supported.

SIP_REQUEST
Triggered when the ACOS system receives a full SIP request header from the client.
Example:
when SIP_REQUEST {
    log "sip id: [ SIP::call_id ]"
}
Related Information
Available Commands: SIP::call_id, SIP::from, SIP::header, SIP::header_insert, SIP::method, SIP::respond, SIP::response, SIP::to, SIP::uri, SIP::via, snatpool

SIP_REQUEST_SEND
Triggered when the ACOS system sends the SIP request to the server.
Example:
when SIP_REQUEST_SEND {
    log "sip method: [ SIP::method ]"
}
Related Information
Available Commands: SIP::call_id, SIP::from, SIP::header, SIP::header_insert, SIP::method, SIP::respond, SIP::response, SIP::to, SIP::uri, SIP::via

SIP_RESPONSE
Triggered when the ACOS system receives a full SIP response from the server.
Example:
when SIP_RESPONSE {
    log "response code: [SIP::response code]"
}
Related Information
Available Commands: SIP::call_id, SIP::from, SIP::header, SIP::header_insert, SIP::method, SIP::respond, SIP::response, SIP::to, SIP::uri, SIP::via, snatpool

DBLB Events
DB_QUERY
Triggered when the ACOS receives a full SQL query from the client side.
Example:
when DB_QUERY {
    set ret [ DB::query ]
    log "aflex script got query $ret"
    pool mssqlgroup
}
Valid Commands
All

DB_COMMAND
Triggered when the client sends an SQL command.
Example:
when DB_COMMAND {
    set ret [ DB::command ]
    log "aflex script got command number $ret"
    pool mssqlgroup
}
Valid Commands
All


Operators
The following chapter describes the aFleX operators.

Relational Operators
contains
Tests whether one string (string1) contains another string (string2).
Syntax
<string1> contains <string2>
Example:
when HTTP_REQUEST {
    if { [HTTP::uri] contains "aol" } {
        pool aol_pool
    } else {
        pool all_pool
    }
}
Related Information
Valid Events: All

ends_with
Tests whether one string (string1) ends with another string (string2).
Syntax
<string1> ends_with <string2>
Example:
when HTTP_REQUEST {
    set uri [HTTP::uri]
    if { $uri ends_with ".gif" } {
        pool my_pool
    } elseif { $uri ends_with ".jpg" } {
        pool your_pool
    }
}

Related Information
Valid Events: All

equals
Tests whether one string equals another string.
Syntax
<string1> equals <string2>
Example:
when CLIENT_ACCEPTED {
    if { [matchclass [IP::remote_addr] equals $::aol] } {
        pool aol_pool
    } else {
        pool all_pool
    }
}
Related Information
Valid Events: All

matches
Tests whether one string matches another string.
Syntax
<string1> matches <string2>
Note: The "matches" operator uses the same comparison as the Tcl "string match" command, which functions like a cut-down regular expression. For the two strings to match, their contents must be identical except that the following special sequences may appear in the pattern:
• * – Matches any sequence of characters in string, including a null string.
• ? – Matches any single character in string.
• [chars] – Matches any character in the set given by chars. If a sequence of the form x-y appears in chars, then any character between x and y, inclusive, will match. When used with -nocase, the end points of the range are converted to lower case first. Whereas {[A-z]} matches '_' when matching case-sensitively ('_' falls between the 'Z' and 'a'), with -nocase this is considered to be like {[A-Za-z]}. (This is probably what was meant in the first place).
• \x – Matches the single character x. This provides a way of avoiding the special interpretation of the characters *?[]\ in a pattern.
Example:
when HTTP_REQUEST {
    if { [HTTP::uri] matches {*\\aol\\[a-z].html} } {
        pool aol_pool
    } else {
        pool all_pool
    }
}
Related Information
Valid Events: All

matches_regex
Tests whether one string matches a regular expression.
Syntax
<string1> matches_regex <regex>
<string1> matches_regex <string2>
Tests if string2 is contained within string1.
Example:
when HTTP_REQUEST {
    if { [HTTP::host] matches_regex "www\.([\w]*)\.com" } {
        pool com_pool
    } elseif { [HTTP::host] matches_regex "www\.([\w]*)\.edu" } {
        pool edu_pool
    }
}
Related Information
Valid Events: All

starts_with
Tests whether one string (string1) starts with another string (string2).
Syntax
<string1> starts_with <string2>
Example:
when HTTP_REQUEST {
    if { [HTTP::uri] starts_with "/news" } {
        pool news_pool
    } elseif { [HTTP::uri] starts_with "/sports" } {
        pool sports_pool
    }
}
Related Information
Valid Events: All
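For the matches_regex operator described above, pattern quoting and anchoring decide which Host values reach a pool. This added example (not from the A10 manual) runs in a plain tclsh and uses Tcl's regexp as a stand-in, assuming matches_regex performs the same unanchored search; the host names are constructed.

```tcl
# Constructed host names: the expected one, a look-alike that merely
# contains it, and a dot-less string.
set hosts {www.example.com www.example.com.attacker.test wwwxycom}

# 1. Double-quoted Tcl string: backslash substitution turns \. into . and
#    \w into w before the regex engine ever sees the pattern.
set quoted "www\.(\w*)\.com"
# 2. Braced: the backslashes survive, but the search is unanchored, so any
#    host that contains the pattern matches.
set braced {www\.(\w*)\.com}
# 3. Braced and anchored at both ends: the whole host must match.
set anchored {^www\.(\w*)\.com$}

puts "quoted pattern seen by the engine: $quoted"
foreach h $hosts {
    puts [format "%-30s quoted=%d braced=%d anchored=%d" $h \
        [regexp -- $quoted $h] [regexp -- $braced $h] [regexp -- $anchored $h]]
}
```

Only the braced, anchored pattern accepts www.example.com while rejecting both of the other strings.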

Logical Operators
and
Performs a logical “and” comparison between two values.
Syntax
<value1> and <value2>
Example:
when HTTP_REQUEST {
    if { ([HTTP::uri] starts_with "/abc") and ([HTTP::host] equals "www.company.com") } {
        pool pool1
    } else {
        pool pool2
    }
}
Related Information
Valid Events: All

not
Performs a logical “not” on a value.
Syntax
not <value>
Example:
when HTTP_REQUEST {
    if { not ([HTTP::uri] starts_with "/abc") } {
        pool pool1
    } else {
        pool pool2
    }
}
Related Information
Valid Events: All

or
Performs a logical “or” comparison between two values.
Syntax
<value1> or <value2>
Example:
when HTTP_REQUEST {
    if { ([HTTP::uri] starts_with "/abc") or ([HTTP::uri] starts_with "/cde") } {
        pool pool1
    } else {
        pool pool2
    }
}
Related Information
Valid Events: All

Commands
The following chapter describes the aFleX commands.

GLOBAL Commands
active_members
Returns number of active members in the pool.
Syntax
active_members <pool_name>
Example:
when HTTP_REQUEST {
    if {[active_members pool1] >= 5} {
        pool big_pool
    }
}
Related Information
Valid Events: All

b64decode
Returns the specified string, decoded from base-64. Returns NULL if there is an error.
Syntax
b64decode <string>
Example:
when HTTP_REQUEST {
    set encrypted [HTTP::cookie "EncryptedCookie"]
    set decrypted [b64decode $encrypted]
    HTTP::cookie insert name "MyCookie" value $decrypted
}

Related Information
Valid Events: All

b64encode
Returns the specified string, encoded as base-64. Returns NULL if there is an error.
Syntax
b64encode <string>
Example:
when HTTP_REQUEST {
    set cert [SSL::cert 0]
    HTTP::header insert SSLCERT [b64encode $cert]
}
Related Information
Valid Events: All

clientside
Causes the specified aFleX commands to be evaluated under the client-side context. This command has no effect if the aFleX command is already being evaluated under the client-side context.
Syntax
clientside {<aFleX commands>}
Example:
when SERVER_CONNECTED {
    if { [IP::addr [clientside {IP::remote_addr}] == 10.1.1.80] } {
        discard
    }
}
Related Information
Valid Events: All

cpu
The cpu usage command returns the average CPU load for the given interval. All averages are exponential weighted moving averages over the interval.
Syntax
cpu usage [1sec | 5secs | 15secs | 1min | 5mins | 15mins | all_seconds | all_minutes]
Example:
when HTTP_REQUEST {
    if { [cpu usage 5secs] <= 1 } {
        pool pool1
    } else {
        HTTP::redirect "http://anotherpool.com"
    }
}
Related Information
Valid Events: All

discard
Causes the current packet or connection (depending on the context of the event) to be discarded. This statement must be conditionally associated with an if statement. This command performs the same function as the drop command.
Syntax
discard
Example:
when SERVER_CONNECTED {
    if { [IP::addr [clientside {IP::remote_addr}] == 10.1.1.80] } {
        discard
    }
}
Related Information
Valid Events: All

domain

Parses the specified string as a dotted domain name and returns the last <count> portions of the domain name.

Syntax

    domain <string> <count>

Example:

    when HTTP_REQUEST {
        if { [HTTP::uri] ends_with "html" } {
            pool cache_pool
            set key [crc32 [concat [domain [HTTP::host] 2] [HTTP::uri]]]
        }
    }

Related Information

Valid Events: All

drop

Causes the current packet or connection (depending on the context of the event) to be discarded. This command must be conditionally associated with an if command. This command performs the same function as the discard command.

Syntax

    drop

Example:

    when SERVER_CONNECTED {
        if { [IP::addr [clientside {IP::remote_addr}] == 10.1.1.80] } {
            drop
        }
    }

Related Information

Valid Events: All

encoding

Convert the character encoding of a payload to the specified encoding.

Syntax

    encoding {convertfrom | convertto} <encoding>

Example:

See "set encode".

event

Discontinue evaluating the specified aFleX event, or all aFleX events, on this connection. However, the aFleX script continues to run.

Syntax

    event [<name>] [enable | disable] | [enable all | disable all]

Example:

    when CLIENT_ACCEPTED {
        if { [IP::client_addr] equals "10.1.1.1" } {
            event HTTP_REQUEST disable
        }
    }
    when HTTP_REQUEST {
        log "HTTP Request from [IP::client_addr]"
    }

Example:

    when HTTP_RESPONSE {
        event disable
    }

Related Information

Valid Events: All

findstr

Find a string within another string and return the string starting at the offset specified from the match.

Syntax

    findstr <string> <search_string> [<skip_count> [<terminator>]]

Finds the string <search_string> within <string> and returns a sub-string based on the <skip_count> and <terminator> from the matched location. Note the following:

• The <terminator> argument may be either a character or length.
• If the <skip_count> argument is not specified, it defaults to zero.
• If the <terminator> argument is not specified, it defaults to the end of the string.
• This command, without <skip_count> or <terminator>, is equivalent to the following Tcl command:

    string range <string> [string first <search_string> <string>] end

Example:

    when HTTP_REQUEST {
        if { [findstr [HTTP::uri] "type=" 5 "&"] eq "cgi" } {
            pool cgi_servers
        } else {
            pool web_servers
        }
    }

Related Information

Valid Events: All
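The skip_count and terminator rules above (which the substr entry later in this chapter shares) can be checked offline before a rule is bound to a virtual port. The following Python model is an added example, not A10 code: the empty result on no match and the digits-only test for an integer terminator are assumptions, and the sample URIs are constructed. It also compares the findstr-based pool choice from the example above with a lookup of the query parameter named exactly type.

```python
"""Offline model of findstr/substr as this page describes them (not A10 code)."""
from urllib.parse import parse_qs, urlsplit


def _cut(text, terminator):
    """Apply the <terminator> rule to text that already starts at the offset."""
    if terminator is None or terminator == "":
        return text
    term = str(terminator)
    if term.isdigit():
        # Integer terminator: that many characters, or to the end if shorter.
        # The page's substr output shows a count of 0 returning the remainder.
        count = int(term)
        return text if count == 0 else text[:count]
    end = text.find(term)
    # String terminator: stop before its first occurrence, else run to the end.
    return text if end == -1 else text[:end]


def substr(string, skip_count=0, terminator=None):
    """Sub-string starting at index skip_count, cut by the terminator rule."""
    return _cut(string[skip_count:], terminator)


def findstr(string, search_string, skip_count=0, terminator=None):
    """Sub-string starting skip_count characters after the first match."""
    start = string.find(search_string)
    if start == -1:
        return ""  # assumption: the page does not state the no-match result
    return _cut(string[start + skip_count:], terminator)


def pool_by_findstr(uri):
    """Pool choice made by the page's findstr example."""
    value = findstr(uri, "type=", 5, "&")
    return "cgi_servers" if value == "cgi" else "web_servers"


def pool_by_parameter(uri):
    """Same decision, keyed on the query parameter named exactly 'type'."""
    values = parse_qs(urlsplit(uri).query).get("type", [])
    return "cgi_servers" if values == ["cgi"] else "web_servers"


# Constructed request URIs (not from the page).
SAMPLE_URIS = [
    "/app?type=cgi&lang=en",
    "/app?lang=en&type=cgi",
    "/app?subtype=cgi&type=static",
    "/index.html",
]


def compare(uris=SAMPLE_URIS):
    """Return (uri, findstr pool, parameter pool) for each sample URI."""
    return [(u, pool_by_findstr(u), pool_by_parameter(u)) for u in uris]


if __name__ == "__main__":
    for uri, by_findstr, by_param in compare():
        flag = "" if by_findstr == by_param else "  <-- differs"
        print(f"{uri:32} {by_findstr:12} {by_param:12}{flag}")
```

The third sample differs because findstr matches the first occurrence of "type=", which here sits inside "subtype=".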

getfield

Splits a string on a character or string, and returns the string corresponding to the specific field.

Syntax

    getfield <string> <split> <field_number>

Example:

To extract only the hostname from the host header (strips any trailing ":###" port specification):

    when HTTP_REQUEST {
        set hostname [getfield [HTTP::host] ":" 1]
    }

To redirect any request for a domain.com host to the same hostname.subdomain @ domain.org (uses a multi-character split string and field_number 1 to extract only those characters in the hostname before the split string):

    when HTTP_REQUEST {
        if { [HTTP::host] contains "domain.com" } {
            HTTP::redirect https://[getfield [HTTP::host] ".domain.com" 1].domain.org[HTTP::uri]
        }
    }

Related Information

Valid Events: All

htonl

Convert the unsigned integer from host byte order to network byte order.

Syntax

    htonl <hostlong>

Example:

    when HTTP_REQUEST {
        set hostlong 12345678
        set netlong [htonl $hostlong]
    }

Related Information

Valid Events: All

htons

Convert the unsigned short integer from host byte order to network byte order.

Syntax

    htons <hostshort>

Example:

    when HTTP_REQUEST {
        set hostshort 1234
        set netshort [htons $hostshort]
    }

Related Information

Valid Events: All

log

Generates and logs the specified message to the Syslog utility. This command works by performing variable expansion on the message as defined for the HTTP profile Header Insert setting.

Note: If not used appropriately, the log command can produce large amounts of output.

Note: The syslog facility is limited to logging 1024 bytes per request. Longer strings will be truncated.

Syntax

    log [<facility>.<level>] <message>

The facility can be one from "local0" to "local7" (Currently only "local0" is supported). The level can be a number from 0 to 7, or the corresponding level string: "EMERG", "ALERT", "CRIT", "ERR", "WARNING", "NOTICE", "INFO", and "DEBUG".

Note: There is a significant behavioral difference when the optional <facility>.<level> is specified. When aFleX logs messages without the facility and/or level, they are rate-limited as a class and subsequently logged messages within the rate-limit period may be suppressed even though they are textually different. However, when the <facility> and/or <level> are specified, the log messages are not rate-limited (though syslog will still perform suppression of repeated duplicates).

Example:

    log local0. "Found $isCard $type CC# $card_number"
    log local0.0 "Fatal error"
    log local0.DEBUG "This is log message from facility local0 and level DEBUG"

Related Information

Valid Events: All

md5

Returns the RSA MD5 Message Digest Algorithm message digest of the specified string.

Syntax

    md5 <string>

Example:

    when CLIENT_ACCEPTED {
        set value1 [md5 "1234567890"]
        log local0.4 "md5 $value1"
    }

Related Information

Valid Events: All

Required AX Release: 2.4.3 or higher

members

Counts or lists all members in a service group.

Syntax

    members [list] <pool>

The list option lists the members. If you omit this option, the command counts the members.

Example:

    when CLIENT_ACCEPTED {
        log "members [members list sg1]"
    }

Related Information

Valid Events: All

Required AX Release: 2.6.1 or higher

nexthop

Sets the next hop for a connection.

Syntax

    nexthop <ipaddr>

Example:

    when CLIENT_ACCEPTED {
        if { [IP::addr [IP::client_addr] equals 10.0.0.0/8] } {
            nexthop 20.20.20.1
        } else {
            log "use default nexthop"
        }
    }

Related Information

Valid Events: All

For the following events, this command overwrites the default reverse nexthop IP address:

• EVENT_HTTP_RESPONSE
• EVENT_HTTP_RESPONSE_CONTINUE
• EVENT_HTTP_RESPONSE_DATA
• EVENT_SERVER_CONNECTED
• EVENT_SERVER_DATA

For other events, this command overwrites the forward next-hop IP address.

Required AX Release: 2.6 or higher

node

Causes the specified server node (that is, IP address and port number) to be used directly, thus bypassing any load-balancing.

Syntax

    node <addr> [<port>]

Note: The node command requires that the real server (node) and service port already be configured. They also must be configured as a member of a service group.

Note: Connection limiting and connection rate limiting are not applied to a node if it is selected by this command.

Example:

    when HTTP_REQUEST {
        if { [HTTP::uri] ends_with ".gif" } {
            node 10.1.2.200 80
        }
    }

ntohl

Convert the unsigned integer from network byte order to host byte order.

Syntax

    ntohl <netlong>

Example:

    when HTTP_REQUEST {
        set netlong 12345678
        set hostlong [ntohl $netlong]
    }

Related Information

Valid Events: All

ntohs

Convert the unsigned short integer from network byte order to host byte order.

Syntax

    ntohs <netshort>

Example:

    when HTTP_REQUEST {
        set netshort 1234
        set hostshort [ntohs $netshort]
    }

Related Information

Valid Events: All

persist

Set client persistence based on any value you choose. The uie option stands for "Universal Inspection Engine", indicating that you can set persistence based on any key.

Note: Beginning with AX Release 2.7.0, server template limits are applied for both service-group and server selection. Commands that call for server selection (i.e., "persist", "pool", "node", etc.) will enforce server template limits on the selected server. As a result, new connections that match a persist uie entry may be unable to use the rport and a default server selection will occur instead. To prevent default server selection, use the no def-selection-if-pref-failed command for the vport.

Syntax

    persist uie <string> [<timeout>]

Sets the key for an entry on the persistence table, which maps the client to an SLB resource (real server, real server port, or service group). If the persistence table contains the specified key, the ACOS device uses the SLB resource that key is mapped to in the table. Otherwise, the ACOS device uses SLB to select a resource and creates a corresponding persistence table entry.

The <timeout> specifies how many seconds the persistence entry can remain in the table after the last time traffic from the client is sent to the server. The default is 1800 seconds. Internally, the timeout is converted to minutes and is decremented one minute at a time.

    persist uie <string> [<timeout>] [dont_honor_conn_rules]

Ignores server template limits for persistence server selection.

    persist add uie <key> [<timeout>]

Adds an entry to the persistence table. This command differs from the command above in that it does not first check the persistence table for an existing entry for the key. The persist add form of the command is useful for setting persistence based on data that is set on the server and is therefore first observed by the ACOS device in the server response, rather than in the client request.

    persist lookup uie <key> [all | node | port | pool]

Performs a lookup in the persistence table for an entry with the specified key:

• all – Returns all the values listed below. (If you do not specify this option or one of the following options, this is equivalent to specifying all.)
• node – Returns the real server IP address.
• port – Returns the real service port number.
• pool – Returns the pool (service group) name.

    persist delete uie <key>

Deletes the persistence table entry for the specified key.

<key> Syntax

The <key> specifies the data upon which the persistence is based. The <key> can be specified with one of the following options:

    {<specified-value> [any virtual | any service | any pool] [pool <pool-name>]}

The options provide the following behavior:

• <specified-value> – Key value. Persist to the same real server and port, if the traffic contains the specified key value and is sent to the same virtual port and service group (pool).
• any virtual – Persist to the same real server and port, if the traffic contains the specified key value and is sent to the same virtual server.
• any service – Persist to the same real server, to any virtual port, if the traffic contains the specified key value.
• any pool – Persist to the same real server, if the traffic contains the specified key value and is sent to the same virtual port.
• pool <pool-name> – Persist to the same real server and port, if the traffic contains the specified key value and is sent to the same virtual port and to the specified service group.

Displaying Persistent Sessions

To display the persistent sessions managed by this aFleX command, use the following command in the CLI:

    show session persist uie

Example:

The following script provides persistence on a VIP on any port.

    when HTTP_RESPONSE {
        set IP [IP::client_addr]
        persist add uie { $IP any virtual } 1800
    }
    when HTTP_REQUEST {
        set IP [IP::client_addr]
        set p [ persist lookup uie { $IP any service } all ]
        if { $p ne "" } {
            log local0. "Found in persistency-table ([lindex $p 0] [lindex $p 1] [lindex $p 2])"
            node [lindex $p 1] [lindex $p 2]
        }
    }

Example:

The following script provides the same persistence for a client IP address accessing one VIP and port:

    when HTTP_RESPONSE {
        set IP [IP::client_addr]
        persist add uie $IP 1800
    }
    when HTTP_REQUEST {
        set IP [IP::client_addr]
        persist uie $IP
    }

Example:

The following script provides the same persistence for a client IP address accessing any VIP and any port:

    when HTTP_RESPONSE {
        set IP [IP::client_addr]
        persist add uie { $IP any service } 1800
    }
    when HTTP_REQUEST {
        set IP [IP::client_addr]
        set p [ persist lookup uie { $IP any service } all ]
        if { $p ne "" } {
            log local0. "Found in persistency-table ([lindex $p 0] [lindex $p 1] [lindex $p 2])"
            node [lindex $p 1] [lindex $p 2]
        }
    }

Related Information

Valid Events: All

pool

Causes the system to load balance traffic to the specified pool or pool member.

Note: Beginning with AX Release 2.7.0, server template limits are applied for both service-group and server selection. Commands that call for server selection (i.e., "persist", "pool", "node", etc.) will enforce server template limits on the selected server. As a result, new connections that match a persist uie entry may be unable to use the rport and a default server selection will occur instead. To prevent default server selection, use the no def-selection-if-pref-failed command for the vport.

Note: Pool / member may be selected conditionally. If multiple conditions match, the last match will determine the pool/member to which this traffic is load balanced.

Syntax

    pool <pool_name>
    pool <pool_name> [member <addr> [<port>] ]

Example:

    when CLIENT_ACCEPTED {
        if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
            pool my_pool
        }
    }

Related Information

Valid Events: CLIENT_ACCEPTED, CLIENT_DATA, HTTP_REQUEST, HTTP_REQUEST_DATA, LB_FAILED, LB_SELECTED, NAME_RESOLVED

Events which do not generate an error, but are not likely valid for this command: HTTP_RESPONSE, HTTP_RESPONSE_CONTINUE, HTTP_RESPONSE_DATA, HTTP_REQUEST_SEND, SERVER_CLOSED, SERVER_CONNECTED, SERVER_DATA

use

This command is provided for backwards compatibility. The use statement must be paired with certain commands such as node, and pool. However, A10 Networks recommends using the commands node and pool directly.

Syntax

    use <object> <object_name>

Example:

    when HTTP_REQUEST {
        if { [HTTP::uri] contains "aol" } {
            use pool aol_pool
        } else {
            use pool all_pool
        }
    }

Related Information

Valid Events: All

reject

Causes the connection to be rejected, returning a reset as appropriate for the protocol.

Syntax

    reject

Example:

    when SERVER_CONNECTED {
        if { [IP::addr [clientside {IP::remote_addr}] equals 10.1.1.80] } {
            reject
        }
    }

Related Information

Valid Events: All

serverside

Causes the specified aFleX command or commands to be evaluated under the server-side context. This command has no effect if the aFleX policy is already being evaluated under the server-side context.

Syntax

    serverside { <aFleX command> }

Example:

    when CLIENT_ACCEPTED {
        if { [IP::addr [serverside {IP::remote_addr}] equals 10.1.1.80] } {
            discard
        }
    }

Related Information

Valid Events: All

session

Manage SSL sessions.

Syntax

    session add ssl <key> <data> [<timeout>]
    session lookup ssl <key>
    session delete <mode> <key>

The session add ssl command creates a table to store SSL information. If an SSL table already exists, the command adds an entry to the table. Generally, the <key> is the session ID and the data is the SSL verify_result or the SSL certificate.

The session lookup ssl command searches the SSL table for information about the specified key.

The session delete command deletes an SSL entry.

Example:

    when CLIENTSSL_HANDSHAKE {
        set cert1 [SSL::cert 0]
        session add ssl [SSL::sessionid] $cert1 300
    }
    when HTTP_REQUEST {
        set cert2 [session lookup ssl [SSL::sessionid]]
    }

Related Information

Valid Events: CLIENT_ACCEPTED, HTTP_REQUEST, HTTP_RESPONSE, CLIENTSSL_CLIENTCERT, CLIENTSSL_HANDSHAKE

set encode

Set the character encoding for data payloads.

Syntax

    set encode "<encoding>"

Example:

Here is an example of an aFleX policy that converts payload data into Japanese encoding Shift_JIS:

    when HTTP_RESPONSE {
        if { [HTTP::header "Content-Type"] contains "Shift_JIS" } {
            set encode "shiftjis"
            HTTP::collect
        }
    }
    when HTTP_RESPONSE_DATA {
        set hoge [HTTP::payload length]
        set payload [encoding convertfrom $encode [HTTP::payload]]
        regsub -all "abc" $payload "xyz" newdata
        set newdata3 [encoding convertto $encode $newdata]
        HTTP::payload replace 0 $hoge $newdata3
        HTTP::release
    }

Related Information

Valid Events: All

sha1

Returns the Secure Hash Algorithm version 1.0 (SHA1) message digest of the specified string.

Note: If an error occurs, an empty string is returned.

Syntax

    sha1 <string>

Related Information

Valid Events: All

Required AX Release: 2.4.3 or higher

snatpool

Uses the specified pool of IP addresses as translation addresses to create a SNAT.

Syntax

    snatpool <snatpool_name>

The <snatpool_name> option specifies the name of a configured IP address pool. The command uses the specified NAT pool instead of the NAT pool that is already bound to the virtual port in the AX configuration.

    snatpool none

The none option disables the SNAT.

Note: A NAT pool must already be bound to virtual port in the AX configuration. This is the virtual port's default NAT pool.

Note: The IP type (IPv4 or IPv6) of the pool must be the same as the IP type of the real servers.

Example:

    when CLIENT_ACCEPTED {
        if { [IP::addr [IP::local_addr] equals 10.0.0.35] } {
            snatpool snat_a
        } else {
            snatpool snat_b
        }
    }

Related Information

Valid Events: CLIENT_ACCEPTED, HTTP_REQUEST, LB_SELECTED

Valid Events added with AX Release 2.7.0: SIP_REQUEST, SIP_RESPONSE

Note: For Layer 4 virtual ports, the snatpool command must be triggered by a CLIENT_ACCEPTED or LB_SELECTED event. For Layer 7 ports, the snatpool command must be triggered by a HTTP_REQUEST event.

substr

Returns a sub-string named <string>, based on the values of the <skip_count> and <terminator> arguments.

Syntax

    substr <string> <skip_count> [<terminator>]

Notes

• The <skip_count> and <terminator> arguments are used in the same way as they are for the findstr command.
• The <skip_count> argument is the index into <string> of the first character to be returned, where 0 indicates the first character of <string>.
• The <terminator> argument can be either the substring length or the substring terminating string.
• If <terminator> is an integer, the returned string will include that many characters, or up to the end of the string, whichever is shorter.
• If <terminator> is a string, the returned string will include characters up to but not including the first occurrence of the string.
• If <terminator> is a string which does not occur in the search space, from <skip_count> to the end of <string> is returned.
• This command is equivalent to the Tcl string range command except that the value of the <terminator> argument may be either a character or a count.

Example:

    when HTTP_REQUEST {
        set uri [substr [HTTP::uri] 1 "?"]
        log local0. "Uri Part = $uri"
    }

    log "[substr "abcdefghijklm" 2 "x"]"
    log "[substr "abcdefghijklm" 2 "gh"]"
    log "[substr "abcdefghijklm" 2 4]"
    log "[substr "abcdefghijklm" 2 20]"
    log "[substr "abcdefghijklm" 2 0]"

The above example logs the following:

    cdefghijklm
    cdef
    cdef
    cdefghijklm
    cdefghijklm

Related Information

Valid Events: All

switch

Built-in Tcl command. Evaluates one of several scripts, depending on a given value.

Syntax

    switch ?options? string {pattern body ?pattern body ...?}

Matches its string argument against each of the pattern arguments in order. As soon as it finds a pattern that matches string, it evaluates the following body argument by passing it recursively to the Tcl interpreter and returns the result of that evaluation. If the last pattern argument is "default", then it matches anything. If no pattern argument matches string and no default is given, then the command returns an empty string.

If the initial arguments start with "-", then they are treated as options. The following options are currently supported:

• -exact – Use exact matching when comparing string to a pattern. This is the default.
• -glob – When matching string to the patterns, use glob-style matching (the same as implemented by the string match command).

• -regexp – When matching string to the patterns, use regular expression matching (the same as implemented by the regexp command).
• -- – Marks the end of options. The argument following this one will be treated as string even if it starts with a "-".

Two syntaxes are provided for the pattern and body arguments. The first uses a separate argument for each of the patterns and commands; this form is convenient if substitutions are desired on some of the patterns or commands. The second form places all of the patterns and commands together into a single argument; the argument must have proper list structure, with the elements of the list being the patterns and commands. The second form makes it easy to construct multi-line commands, since the braces around the whole list make it unnecessary to include a backslash at the end of each line. Since the pattern arguments are in braces in the second form, no command or variable substitutions are performed on them; this makes the behavior of the second form different than the first form in some cases.

If a body is specified as "-" it means that the body for the next pattern should also be used as the body for this pattern (if the next pattern also has a body of "-" then the body after that is used, and so on). This feature makes it possible to share a single body among several patterns.

Note: If the result of the switch evaluation is invalid, the script will stop but no compile error will be displayed. To avoid this, make sure that all possible outcomes are valid, or consider using if ... elseif syntax instead of switch.

For example, the following script will give a compile error, as expected:

    when CLIENT_ACCEPTED {
        pool $invalid-pool-name
    }

However, the following script will not give a compile error:

    when CLIENT_ACCEPTED {
        set value $somevalue
        switch $value {
            0 { pool $invalid-pool-name }
            default { }
        }
    }

Example:

This example will return 2:

    switch abc a - b {format 1} abc {format 2} default {format 3}

This example will return 3:

    switch xyz {
        a -
        b {format 1}
        a* {format 2}
        default {format 3}
    }

This example will send traffic with host header "www.domain.com" to pool www, host header "www.domain2.com" will cause header manipulation and URI rewriting to take place first, and requests with any other host header will be discarded:

    switch [string tolower [HTTP::host]] {
        www.domain.com {
            pool www
        }
        www.domain2.com {
            HTTP::header insert Header1 domain2
            HTTP::header replace Host www.domain.com
            HTTP::uri "/domain2[HTTP::uri]"
            pool www
        }
        default {
            discard
        }
    }

Related Information

Valid Events: All

virtual

Return the name of the associated virtual server that the connection is flowing through.

Syntax

    virtual name

Example:

    when HTTP_REQUEST {
        log local0. "Virtual Server: [virtual name]"
    }

Related Information

Valid Events: All

when

Specify an event in an aFleX script. All aFleX events begin with a when command. You can specify multiple when commands within a single aFleX script.

Syntax

    when <event_name>

Example:

    when CLIENT_ACCEPTED {
        if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
            pool my_pool
        }
    }

Related Information

Valid Events: All

whereis

Returns geo-location information for a given IP address. The command performs a lookup in the geo-location database in use on the ACOS device. For example, you can use this command in a script that looks up information in a geo-location database from a third-party vendor such as MaxMind or Neustar IP Intelligence.

Syntax

    whereis <ipaddr>

Example:

The following example uses a geo-location database from a third-party vendor to look up the location of clients who send requests to a specific VIP.

To use the geo-location database, you must import it onto the ACOS device as a comma-separated values (.csv) file, load it to activate it, then use a template to specify the data fields to extract from the database.

This example uses a geo-location database that contains entries in the following format:

    "0000000000","0016777215","","","",""
    "0016777216","0016777471","AU","AUSTRALIA","OC","OCEANIA"
    "0016777472","0016778239","CN","CHINA","AS","ASIA"
    "0016778240","0016779263","AU","AUSTRALIA","OC","OCEANIA"
    "0016779264","0016781311","CN","CHINA","AS","ASIA"
    "0016781312","0016785407","JP","JAPAN","AS","ASIA"
    "0016785408","0016793599","CN","CHINA","AS","ASIA"
    "0016793600","0016809983","JP","JAPAN","AS","ASIA"
    "0016809984","0016842751","TH","THAILAND","AS","ASIA"
    ...
    "3758093312","3758094335","IN","INDIA","AS","ASIA"
    "3758094336","3758095359","AU","AUSTRALIA","OC","OCEANIA"
    "3758095360","3758095871","CN","CHINA","AS","ASIA"
    "3758095872","3758096127","SG","SINGAPORE","AS","ASIA"
    "3758096128","3758096383","AU","AUSTRALIA","OC","OCEANIA"

Each entry in this database has 6 fields. The aFleX script will use a GSLB CSV template to look up the data in 4 of the fields:

    "ip-from", "ip-to-mask", "country", "", "", "continent"

This example uses the following aFleX script to perform lookups in the database:

    when CLIENT_ACCEPTED {
        log "Country=[lindex [whereis 74.125.224.35] 0]"
        log "Continent=[lindex [whereis 74.125.224.35] 1]"
        log "Country=[lindex [whereis 74.125.224.56] 0]"
        log "Continent=[lindex [whereis 74.125.224.56] 1]"
        log "Country=[lindex [whereis 123.125.114.144] 0]"
        log "Continent=[lindex [whereis 123.125.114.144] 1]"
    }

The following steps show the AX configuration required to install the geolocation database and use the aFleX script to look up data in the database.

1. The following command imports a geo-location database file in .csv format onto the ACOS device:

    AX#import geo-location ipligence-lite.csv use-mgmt-port scp://root@192.168.209.80:/ipligence-lite.csv
    Password []********
    Importing ...

2. The following commands change the CLI to the global configuration level, and configure a template for extracting data from the geo-location database:

    AX#config
    AX(config)#gslb template csv geo-lookup
    AX(config-gslb template csv)#field 1 ip-from
    AX(config-gslb template csv)#field 2 ip-to-mask
    AX(config-gslb template csv)#field 6 continent
    AX(config-gslb template csv)#field 3 country
    AX(config-gslb template csv)#exit

: D-030-01-00-0007 . S(sub)/R(sub range) M(manually config)/B(built-in) Global Name From To Last Hits Sub T -------------------------------------------------------------------------------NORTH AMERICA 74.aFleX 2. Sub = Count of Sub Geo-location G(global)/P(policy).124.GLOBAL Commands 3.csv T test 100% 191805 191805 4 4.125.206.88 74.1 7/2/2013 147 of 304 . No.A10 Thunder Series and AX Series – aFleX Reference Commands .33 Last = Last Matched Client.126. ACOS 2.0.255 0 17821GR . The following commands load the geo-location database (the .95. Err/W = Error or Warning T = T(Template)/B(Built-in) Filename T Template Per Lines Success Err/W -------------------------------------------------------------------------------iana* B 100% 77 77 0 ipligence-lite. Hits = Count of Client matched T = Type. and verify that it is loaded and activated: AX(config)#gslb geo-location load ipligence-lite.csv geo-lookup AX(config)#show gslb geo-location file Per = Percentage of loading.7.US Customer Driven Innovation Doc. The following command texts the database by looking up the location information for a client IP address: AX(config)#show gslb geo-location ip 74.224.csv file) to activate it.

5. The following command adds the aFleX script to the ACOS device. In this example, the script is copied-and-pasted into the CLI. Alternatively, the script can be configured elsewhere and then imported as a file.

    AX(config)#aflex create geo-lookup-script
    Type in your aFleX script (type . on a line by itself when done)
    when CLIENT_ACCEPTED {
        log "Country=[lindex [whereis 74.125.224.35] 0]"
        log "Continent=[lindex [whereis 74.125.224.35] 1]"
        log "Country=[lindex [whereis 74.125.224.56] 0]"
        log "Continent=[lindex [whereis 74.125.224.56] 1]"
        log "Country=[lindex [whereis 123.125.114.144] 0]"
        log "Continent=[lindex [whereis 123.125.114.144] 1]"
    }
    .
    aFleX geo-lookup-script created, syntax check passed.

6. The following commands bind the aFleX script to a virtual port.

    AX(config)#slb virtual-server vip-L7-25-130 10.10.10.130
    AX(config-slb vserver)#port 80 http
    AX(config-slb vserver-vport)#aflex geo-lookup-script
    AX(config-slb vserver-vport)#end

Note: For simplicity, the example does not show configuration of the real servers and service group. However, these also are required for a functioning configuration. Likewise, configuration for network connectivity, such as use of Network Address Translation (NAT), may be needed in a live network but is not shown here.

Note: The end command is not part of the VIP configuration. The end command simply returns the CLI prompt directly to the Privileged EXEC configuration level.

7. After some traffic is sent to the VIP, the ACOS log lists the geo-location information for the client:

    ACOS#show log
    Log Buffer: 30000
    May 15 2012 04:15:37 Info [AFLEX]:geo_test:Continent=ASIA
    May 15 2012 04:15:37 Info [AFLEX]:geo_test:Country=CN
    May 15 2012 04:15:37 Info [AFLEX]:geo_test:Continent=NORTH AMERICA
    May 15 2012 04:15:37 Info [AFLEX]:geo_test:Country=US
    May 15 2012 04:15:37 Info [AFLEX]:geo_test:Continent=NORTH AMERICA
    May 15 2012 04:15:37 Info [AFLEX]:geo_test:Country=US

Related Information
Valid Events: CLIENT_ACCEPTED, CLIENT_DATA, CLIENT_CLOSED, SERVER_CONNECTED, SERVER_DATA, SERVER_CLOSED, LB_SELECTED, LB_FAILED, HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, HTTP_RESPONSE, HTTP_RESPONSE_CONTINUE, HTTP_RESPONSE_DATA
Required AX Release: 2.7.0 or higher

Global Variable Commands

Beginning with ACOS 2.7.1, you can use the following operators to quickly modify global variables across multiple parameters.

set

Syntax
    set <global_variable> <value>

Sets the <global_variable> to the specified <value>. If the variable does not exist, this command will create a new variable.

Related Information
Valid Events: All

Required Release: ACOS 2.7.1 or higher

incre

Syntax
    incre <global_variable>

Increments the <global_variable> by a value of 1.

Related Information
Valid Events: All
Required Release: ACOS 2.7.1 or higher

unset

Syntax
    unset <global_variable>

Deletes the value for the <global_variable>. This command will cause the specified variable to return an empty string.

Related Information
Valid Events: All
Required Release: ACOS 2.7.1 or higher

get

Syntax
    get <global_variable>

Returns the value of the specified <global_variable>.

Related Information
Valid Events: All
Required Release: ACOS 2.7.1 or higher

array

Syntax
    array set <global_array> <key> <value>
Sets the values of one or more elements in the <global_array>.

    array get <global_array> <key>
Gets a list of all pairs of elements in the <global_array>.

    array names <global_array>
Returns a list of names for all elements in the <global_array>.

    array size <global_array>
Gets the number of elements in the <global_array>.

Related Information
Valid Events: All
Required Release: ACOS 2.7.1 or higher

Table Commands

Beginning with ACOS 2.7.1, you can use the following aFleX commands to manage a table of data entries.

Table Entry Expiration Date

You can configure the <lifetime> and <timeout> values to predefine an expiration date for the table entries. The following list defines conditions for using these options.

• Apply Existing Configuration – Specify the <lifetime> or <timeout> as 0 to use existing configuration. For new entries, this will set the <lifetime> or <timeout> to the default values.
• Set an Indefinite Expiration Time – Use “indefinite” or “indef” for the <timeout> or <lifetime> parameters to allow an entry to remain in the table indefinitely. These entries will not expire and can only be removed from the table explicitly or when the ACOS device is rebooted.

Default Values

• If <timeout> is not specified, the timeout is set to the default of 180 seconds.
• If <lifetime> is not specified, the lifetime is set to “indefinite”.

Notes

• By default, session table entries are synced to the peer unit.
• The <lifetime> option sets the entry to expire after the specified period of time, regardless of how many changes or lookups are performed on the entry.
• An entry can have both a configured lifetime and timeout. The entry is removed from the table for whichever expiration time comes first.
• Depending on the aFleX event used in the policy, you can track connections or requests. The CLIENT_CONNECTED event represents TCP connections, whereas the HTTP_REQUEST event represents every individual request.

table set

Syntax
    table set <name> <key> <value> [<timeout> [<lifetime>]]

Sets a key in the table with the specified <value>. This command adds a key if it does not already exist. Optionally, you can apply a <timeout> and <lifetime> to the entry. Returns the entry’s value after the set operation is complete.

Related Information
Valid Events: All
Required Release: ACOS 2.7.1 or higher

table add

Syntax
    table add <name> <key> <value> [<timeout> [<lifetime>]]

Adds a key to the table with the specified <key> number and associated <value>. If the key already exists, a key is not inserted and the existing value is returned. Optionally, you can apply a <timeout> and <lifetime> to the entry.

Related Information
Valid Events: All
Required Release: ACOS 2.7.1 or higher

table replace

Syntax
    table replace <name> <key> <value> [<timeout> [<lifetime>]]

Replaces the value in the table with the specified <key> or <value>. If the specified key does not exist, no action is taken and an empty string is returned. Optionally, you can apply a <timeout> and <lifetime> to the entry. This command returns the entry’s value after completing the replacement.

Related Information
Valid Events: All
Required Release: ACOS 2.7.1 or higher

table lookup

Syntax
    table lookup <name> [-notouch] <key>

Returns the value associated with the specified key. If -notouch is specified, then any existing entries for the key will not have an updated timestamp.

Related Information
Valid Events: All
Required Release: ACOS 2.7.1 or higher

table incr

Syntax
    table incr <name> [-notouch] <key> [<num>]

Increments the value associated with the specified key, in the specified table. If you do not specify a value for <num>, 1 is used by default. If -notouch is specified, then any existing entries for the key will not have an updated timestamp. This command returns the entry’s value after the operation is complete.

Note: If the key does not exist, then no action is taken.

Related Information
Valid Events: All
Required Release: ACOS 2.7.1 or higher

table append

Syntax
    table append <name> [-notouch] <key> <string>

Appends a string to the value associated with the specified key. If -notouch is specified, then any existing entries for the key will not have an updated timestamp. If the specified key does not exist, then no action is taken.

Note: This command returns the entry’s value after the operation is complete.

Related Information
Valid Events: All
Required Release: ACOS 2.7.1 or higher

table delete

Syntax
    table delete <name> <key>|-all

Deletes the <key> or value pair with the specified key. If -all is specified in addition to a table name, all keys and value pairs for that table are deleted.

Related Information
Valid Events: All
Required Release: ACOS 2.7.1 or higher

table timeout

Syntax
    table timeout <name> [-remaining] <key>
    table timeout <name> <key> [<value>]

Returns the timeout for the specified key. Optionally, this command also sets the timeout for the key. Specify the -remaining option to return the remaining time before the expiration timeout, instead of the timeout itself.

Note: This command returns -1 if no timeout is set for the specified key or the timeout is indefinite.

Related Information
Valid Events: All
Required Release: ACOS 2.7.1 or higher

table lifetime

Syntax
    table lifetime <name> [-remaining] <key>
    table lifetime <name> <key> [<value>]

Returns the lifetime for the specified key. Optionally, this command also sets the lifetime for the key. Specify -remaining to return the remaining time before the expiration lifetime, instead of the lifetime itself. This command returns -1 if no lifetime is set for the specified key or the lifetime is indefinite.

Related Information
Valid Events: All
Required Release: ACOS 2.7.1 or higher

table keys

Syntax
    table keys <name> [-count|-notouch]

Returns a list of key and value pairs for the specified table. If -notouch is specified, then existing entries will not have an updated timestamp. If -count is specified, then the table entries will not have an updated timestamp and the command returns the number of keys in the specified table.

Note: A10 Networks does not recommend using this command frequently in an aFleX policy. The table keys command provides useful debugging capabilities, but can lower system performance when used repeatedly.

Related Information
Valid Events: All
Required Release: ACOS 2.7.1 or higher

Example:

In this example, the aFleX policy blacklists IP addresses for 10 minutes if traffic from the IP address makes more than 100 DNS queries per second:

    when RULE_INIT {
        # Query threshold and blacklist hold time (600 seconds = 10 minutes)
        set ::maxquery 100
        set ::holdtime 600
    }
    when CLIENT_ACCEPTED {
        set srcip [IP::remote_addr]
        # Drop traffic from sources that are already blacklisted
        if { [table lookup "blacklist" $srcip] != "" } {
            drop
            log "$srcip is blocked, the packet is dropped."
            return
        }
        set curtime [TIME::clock seconds]
        set key "count:$srcip:$curtime"
        # Create the per-source counter on first sight
        if { [table lookup tmp_table $srcip] == "" } {
            table set tmp_table $srcip 1
            log "$srcip's session table is created."
        }
        set count [table incr tmp_table $srcip]
        log "session count=$count"
        # The counter entry expires after 2 seconds
        table lifetime tmp_table $srcip 2
        if { $count > $::maxquery } {
            # Timeout is indefinite; the lifetime removes the entry after holdtime
            table add "blacklist" $srcip "blocked" indef $::holdtime
            log "blacklist table is created with $srcip "
            table delete tmp_table $srcip
            drop
            return
        }
    }
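The following aFleX policy is an added example, not part of the A10 reference. It applies the table commands above to HTTP request limiting: the counter's window is fixed once by table add, block-list checks use -notouch so they leave the entry's timestamp alone, and -remaining reports how long a block still has to run. The table names http_count and http_block and the three thresholds are assumptions chosen for illustration.

```tcl
# Added example. Table names and thresholds are assumptions, not values
# from the reference.
when RULE_INIT {
    set ::max_req  200   ;# requests allowed per client per window
    set ::window   10    ;# length of the counting window, in seconds
    set ::holdtime 600   ;# how long a client stays blocked, in seconds
}

when CLIENT_ACCEPTED {
    set src [IP::client_addr]
    # -notouch: a blocked client that keeps reconnecting must not update
    # the timestamp of its block-list entry.
    if { [table lookup "http_block" -notouch $src] != "" } {
        # -remaining returns the time left before the lifetime expires.
        set left [table lifetime "http_block" -remaining $src]
        log "$src is blocked, $left seconds remaining"
        drop
        return
    }
}

when HTTP_REQUEST {
    # table add inserts only when the key is absent, so the lifetime
    # (the counting window) is set by the first request and is not
    # extended by later ones. The timeout is indefinite, which leaves
    # the lifetime as the only expiration.
    table add "http_count" $src 0 indef $::window

    # HTTP_REQUEST fires for every request, so this counts requests,
    # not TCP connections. table incr returns the value after the update.
    set count [table incr "http_count" -notouch $src]

    if { $count > $::max_req } {
        # Block for holdtime seconds, then let the entry expire on its own.
        table add "http_block" $src "blocked" indef $::holdtime
        table delete "http_count" $src
        log "$src exceeded $::max_req requests in $::window seconds"
        # Close this HTTP connection; the client's later connections are
        # dropped in CLIENT_ACCEPTED while the block-list entry exists.
        HTTP::close
    }
}
```

Because table entries are synced to the peer unit by default, both tables survive a failover along with the rest of the session state.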

Class List Commands

Notes:

• The class-list must be configured and attached to the same vport as the aFleX script using a policy template.
• Class list commands require the LID to be defined in the configuration, either globally or on the virtual-server or virtual port.
• Multiple LID definitions may be available for a non-global LID. This includes a LID in a policy template bound to a virtual port, a LID in a policy template bound to a virtual server, a LID in a DNS template bound to a virtual port, and a LID configured in a system-wide policy template. For more information, see “LID Commands” on page 162.

CLASS::exists

Returns a Boolean value that indicates whether the class list exists.

Syntax
    CLASS::exists <list-name>

Example:

    when HTTP_REQUEST {
        log "classlist1 exists: [CLASS::exists classlist1]"
    }

Related Information
Valid Events: All
Required AX Release: 2.7.0 or higher

CLASS::match

Queries class lists to check for matches and returns any component of a matching entry.

Notes:

• Queries to a string class list are case-sensitive. Queries to a DNS class list are not case-sensitive.
• In this release, string class lists can be referenced by name and externally modified. (See “Example 2” on page 160.)

• Class commands read class lists only and do not modify the entries in any way.

Syntax for Class List of Types Other than String

    CLASS::match <param> <list-name> [ip | dns]
Returns whether <param> matches an [ip | dns] entry in class list <list-name>. Omitting the [ip | dns] argument will result in IP entries in the class list being searched first, followed by DNS entries.

    CLASS::match <param> <list-name> <key> [ip | dns]
Returns key of match when <param> matches an [ip | dns] entry in class list <list-name>. Omitting the [ip | dns] argument will result in IP entries in the class list being searched first, followed by DNS entries.

    CLASS::match <param> <list-name> <lid> [ip | dns]
Returns LID of match (only if configured) when <param> matches an [ip | dns] entry in class list <list-name>. Omitting the [ip | dns] argument will result in IP entries in the class list being searched first, followed by DNS entries.

Example:

    when HTTP_REQUEST {
        log "Matches: [CLASS::match abcd classlist1]"
        log "Key of Match: [CLASS::match abcd classlist1 key]"
        log "LID of Match: [CLASS::match abcd classlist1 lid]"
    }

Note: To perform a comparison of IP address 10.10.10.1 with a list of addresses in a class list, use either of the following lines of syntax:

    [CLASS::match 10.10.10.1 $classlist ip]
or
    [CLASS::match [IP::client_addr] $classlist ip]

Use of IP::addr is not necessary if the CLASS::match command is used to perform address-to-address comparison.

Syntax for Class Lists of Type String

    CLASS::match <param> <operator> <list-name>
Returns whether <param> matches an entry in class list <list-name>.

    CLASS::match <param> <operator> <list-name> <key>
Returns key of match when <param> matches an entry in class list <list-name>.

    CLASS::match <param> <operator> <list-name> <lid>
Returns LID of match when <param> matches an entry in class list <list-name>.

    CLASS::match <param> <operator> <list-name> <value>
Returns value of match when <param> matches an entry in class list <list-name>.

The <operator> can be any of the following: starts_with, ends_with, contains, equals

Note: Beginning with AX Release 2.7.0, the maximum number of string entries for a class list depends on the total available system memory of the ACOS device.

• Memory Size 80GB or greater – 64K entries
• Memory Size 40GB or greater – 32K entries
• Memory Size 15GB or greater – 16K entries
• Memory Size 7GB or greater – 8K entries
• Memory Size 7GB or less – 4K entries

Example 1

    when HTTP_REQUEST {
        log "Matches: [CLASS::match abcd starts_with classlist1]"
        log "Key of Match: [CLASS::match abcd starts_with classlist1 key]"
        log "LID of Match: [CLASS::match abcd starts_with classlist1 lid]"
    }

Example 2

This example imports the values of a string class list named “cs1”.

    when HTTP_REQUEST {
        if { [HTTP::cookie exists "cookie-name"] } {
            set cookie_value [HTTP::cookie "cookie-name"]
            if { $cookie_value != "" } {
                # Look up the redirect target stored as the value of the matching entry
                set redirect_url [CLASS::match $cookie_value equals cs1 value]
                if { $redirect_url != "" } {
                    HTTP::redirect $redirect_url
                }
            }
        }
    }

Related Information
Valid Events: All

Required AX Release: 2.7.0 or higher

CLASS::names

Returns a list of class-list names.

Syntax
    CLASS::names

Example:

    when HTTP_REQUEST {
        log "list of class-lists: [CLASS::names]"
    }

Related Information
Valid Events: All
Required AX Release: 2.7.0 or higher

CLASS::type

Returns the type of the specified class list.

Syntax
    CLASS::type <list-name>

The type value that can be returned by aFleX depends on whether the type was explicitly specified during class-list configuration.

• Explicitly configured: dns, ipv4, ipv6, string
• Implicitly configured by the ACOS device based on the class-list entries: [], [dns], [ipv4], [ipv6], [dns, ipv4], [dns, ipv6]

If the type is a pair of empty brackets ( [] ), the class list does not contain any entries.

Example:

    when HTTP_REQUEST {
        log "classlist1 type: [CLASS::type classlist1]"
    }

Related Information
Valid Events: All
Required AX Release: 2.7.0 or higher

LID Commands

Commands for reading Limit IDs (LIDs).

Note: To apply these commands, the LID must be configured and attached to the same vport as the aFleX policy using the template. If GLID is used, it must be configured and enabled on the configuration.

Note: Multiple LID definitions may be available for a non-global LID. This includes a LID in a policy template bound to a virtual port, a LID in a policy template bound to a virtual server, a LID in DNS template bound to a virtual port, and a LID configured in a system-wide policy template.

LID::conn_limit

Returns a list of conn-limit and LID type, one each for a matching LID where conn-limit is configured.

Syntax
    LID::conn_limit <lid-id>

Example:

    when HTTP_REQUEST {
        log "glid1 conn-limit: [LID::conn_limit glid1]"
    }

Related Information
Valid Events: All
Required AX Release: 2.7.0 or higher

LID::conn_rate_limit

Returns a list of conn-rate-limit values and LID type, one each for a matching LID where conn-rate-limit is configured.

Syntax
    LID::conn_rate_limit <param>

Example:

    when HTTP_REQUEST {
        log "glid1 conn-rate-limit: [LID::conn_rate_limit glid1]"
    }

Related Information
Valid Events: All
Required AX Release: 2.7.0 or higher

LID::exists

Returns a Boolean value that indicates whether the specified LID exists.

Syntax
    LID::exists <lid-id>

Example:

    when HTTP_REQUEST {
        log "glid1 exists: [LID::exists glid1]"
    }

Related Information
Valid Events: All
Required AX Release: 2.7.0 or higher

LID::nat_pool

Returns a list of string and LID type, one each for a matching LID where nat-pool is configured.

Syntax
    LID::nat_pool <lid-id>

Example:

    when HTTP_REQUEST {
        log "glid1 nat-pool: [LID::nat_pool glid1]"
    }

Related Information
Valid Events: All
Required AX Release: 2.7.0 or higher

LID::request_limit

Returns a list of request-limit and LID type, one each for a matching LID where request-limit is configured.

Syntax
    LID::request_limit <param>

Example:

    when HTTP_REQUEST {
        log "glid1 request-limit: [LID::request_limit glid1]"
    }

Related Information
Valid Events: All
Required AX Release: 2.7.0 or higher

LID::request_rate_limit

Returns a list of request-rate-limit values and LID type, one each for a matching LID where conn-rate-limit is configured.

Syntax
    LID::request_rate_limit <param>

Example:

    when HTTP_REQUEST {
        log "glid1 request-rate-limit: [LID::request_rate_limit glid1]"
    }

Related Information
Valid Events: All
Required AX Release: 2.7.0 or higher

LID::type

Returns a list of LIDs of the specified type.

Syntax
    LID::type <param>

Returns a list of LID types, one each for a matching LID. The type can be one of the following: global, vport-dns, vport-policy, vserver-policy, system policy

Example:

    when HTTP_REQUEST {
        log "glid1 type: [LID::type glid1]"
    }

Related Information
Valid Events: All
Required AX Release: 2.6.2 or higher

Link Commands

LINK::lasthop

Returns the MAC address of the last hop.

Syntax
    LINK::lasthop

Example:

    when CLIENT_ACCEPTED {
        set sip [IP::addr [IP::remote_addr]]
        set lastmac [LINK::lasthop]
        session add uie $sip $lastmac 180
    }

Related Information
Valid Events: All
Required AX Release: 2.6.1-GR1 or higher

LINK::nexthop

Returns the MAC address of the next hop.

Syntax
    LINK::nexthop

Example:

    when SERVER_CONNECTED {
        set info "ethernet { [LINK::lasthop] -> [LINK::nexthop] tag [LINK::vlan_id] }"
        log local0. $info
    }

Related Information
Valid Events: All
Required AX Release: 2.6.1-GR1 or higher

LINK::vlan_id

Returns the VLAN tag of the packet.

Syntax
    LINK::vlan_id

Example:

    when CLIENT_ACCEPTED {
        set info "client { [IP::client_addr]:[TCP::client_port] -> [IP::local_addr]:[TCP::local_port] }"
        append info " ethernet "
        append info " { [string range [LINK::lasthop] 0 16] -> [string range [LINK::nexthop] 0 16] "
        append info "tag [LINK::vlan_id] }"
        log local0. $info
    }

Note: In some cases, the VLAN ID may be unavailable. In these cases a value of 0 will be returned.

Related Information
Valid Events: All
Required AX Release: 2.6.1-GR1 or higher

Load-balancing (LB) Commands

LB::down

Temporarily marks the current real port down for 30 seconds.

Syntax:
    LB::down

Example: See Example 2 in “LB::reselect” on page 168.

Related Information
Valid Events: LB_FAILED, LB_SELECTED

LB::reselect

Reperforms server selection.

Syntax:
    LB::reselect [pool <pool-name> [<member>]]

If you use the command without any of the optional parameters, SLB selects the next available member (server and port) from the same service group used for the initial server selection. To specify the service group to use, use the pool <pool-name> option. If you also use the <member> option, the specified member is selected from the specified service group.

Notes:

• This command applies to Layer 7 traffic only for HTTP and HTTPS.
• Failure to execute this command will not always lead the LB_FAILED event to be triggered.
• Beginning with AX Release 2.7.0, server template limits are applied for both service-group and server selection. Commands that call for server selection (i.e., “pool”, “node”, “persist”, etc.) will enforce server template limits on the selected server. As a result, new connections that match a persist uie entry may be unable to use the rport and a default server selection will occur instead. To prevent default server selection, use the no def-selection-if-pref-failed command for the vport.

Example 1:

In this aFleX policy, the HTTP::retry command retries sending a client’s request to a service port that replies with an HTTP 5xx status code. If the first server continues to reply with a 5xx status code after 3 retries, the LB::reselect command reassigns the client request to another server.

ACOS 2.0.aFleX 2. when CLIENT_ACCEPTED { set retry 0 set max_retry 3 } when HTTP_REQUEST { log "In HTTP_REQUEST: $retry" log "End HTTP_REQUEST" } Customer Driven Innovation Doc.7.Load-balancing (LB) Commands when CLIENT_ACCEPTED { set retry 0 set max_retry 3 set reselect 0 } when LB_SELECTED { if { $retry > 0 } { LB::reselect incr reselect } } when HTTP_RESPONSE { set status [HTTP::status] if { $retry < $max_retry } { if { $status starts_with "5" } { incr retry HTTP::retry } } } Example 2: This aFleX policy is similar to the one above.A10 Thunder Series and AX Series – aFleX Reference Commands . except the LB::down command in the policy marks the service port down for 30 seconds. No.1 7/2/2013 169 of 304 .: D-030-01-00-0007 .

    when LB_SELECTED {
        log "In LB_SELECTED: current retry count = $retry"
        if { $retry > 0 } {
            log "In LB_RESLECT"
            LB::down
            LB::reselect
        }
        log "End LB_SELECTED"
    }
    when HTTP_RESPONSE {
        log "In HTTP_RESPONSE"
        set status [HTTP::status]
        log "1.$status"
        if { $retry < $max_retry } {
            if { $status starts_with "5" } {
                log "2.$status"
                incr retry
                HTTP::retry
            }
        }
        log "End HTTP_RESPONSE"
    }

Example 3:

This aFleX policy uses the STATS::get command to retrieve total connection statistics for two service groups, then selects the service group with fewer total connections. After a service group is selected, the policy selects a server from the group. If a retry occurs, the LB::reselect command selects another server from the same service group. If the maximum number of retries has already been reached, the other service group is selected. If both service groups have reached the maximum number of retries, a third service group is used.

    when CLIENT_ACCEPTED {
        # set initial retries count equal to 0
        set retries 0
        # variable for the first time
        set first 0
        # number of retry per pool
        set retry_cnt_per_pool 0
        # max. number of retry per pool
        set max_retry_per_pool 6

        # number of pool retry
        set num_pool_retry 0
        # max. number of pool to retry
        set max_pool_retry 1
        # Next pool to try
        set next_pool "sg-tcp80-2"
        # Error status code
        set error_code "500"
        # Reselect counter
        set reselect 0
        # Total retry counter
        set retry 0
    }
    when HTTP_REQUEST {
        # Get service group 1 status
        set group_data_1 [STATS::get pool sg-tcp80-1 total-connection]
        # Get service group 2 status
        set group_data_2 [STATS::get pool sg-tcp80-2 total-connection]
        # Based on the status of each service group, decide which pool
        # the 1st packet should go to.
        if { $first == 0 } {
            if {$group_data_1 > $group_data_2} {
                pool "sg-tcp80-2"
                set flag "2"
            } else {
                pool "sg-tcp80-1"
                set flag "1"
            }
        }
        log "End HTTP_REQUEST"
    }
    when LB_SELECTED {
        if { $first == 0} {
            set first 1
        } elseif { $retries < $max_retry_per_pool} {
            # select next member in the same pool
            LB::reselect
            incr reselect
        } elseif { $num_pool_retry < $max_pool_retry } {
            incr num_pool_retry
            set retries 0
            # select other pool

            if {$flag equals "1"} {
                LB::reselect pool sg-tcp80-2
                incr reselect
            } else {
                LB::reselect pool sg-tcp80-1
                incr reselect
            }
        } else {
            set traffic [STATS::get pool sg-tcp80-3 member 20.20.20.37 80 current-connection]
            if {$traffic < 10000} {
                LB::reselect pool sg-tcp80-3 member 20.20.20.37 80
                incr reselect
            }
        }
    }
    when HTTP_RESPONSE {
        log "In HTTP_RESPONSE"
        set r_status [HTTP::status]
        if { $r_status starts_with "5" } {
            incr retries
            # reselect next member or another pool
            HTTP::retry
            incr retry
        }
    }

Related Information
Valid Events: LB_FAILED, LB_SELECTED

LB::server

Returns the results of pool and node selection.

Syntax
    LB::server [pool | addr | port]

LB::server returns a Tcl list containing the pool, node, node IP address, and Layer 4 protocol port selected by SLB. If no server was selected when the script was executed, or all servers are down, the command returns only the default pool name.

LB::server pool returns the pool of the currently selected member. If no server was selected when the script was executed, or all servers are down, the command returns only the default pool name.

This command is available beginning with AX Release 2. If no server was selected when the script was executed.aFleX 2.0.: D-030-01-00-0007 . No. LB::server port returns the port of the currently selected pool member.Load-balancing (LB) Commands LB::server addr returns the IP address of the currently selected pool member.A10 Thunder Series and AX Series – aFleX Reference Commands .0. or all servers are down.2. If no server was selected when the script was executed. the command returns null.6.19" { HTTP::header replace Host server2.7. LB::server name returns the name of the currently selected pool member.2.18" { HTTP::header replace Host server1.com } } } Example: The following script takes a specified action if all servers in the default pool are down: when HTTP_REQUEST { # Check if the default pool has less than one active member if { [active_members [LB::server pool]] < 1 } { [do something] } } Customer Driven Innovation Doc. If no server was selected when the script was executed. Example: The following script replaces the Host header with a header that contains the backend server’s hostname: when LB_SELECTED { switch [LB::server addr] { "10. or all servers are down.1 7/2/2013 173 of 304 . ACOS 2. the command returns null.example. the command returns null.com } "10.example. or all servers are down.0.2.

the port number and the transport protocol (tcp or udp) also are required.A10 Thunder Series and AX Series – aFleX Reference Commands . Syntax LB::status node <ipaddr> [port <port-num> {tcp | udp}] If you specify the node IP address only. No.4.7.Load-balancing (LB) Commands Example: The following script will return the name of the default pool because server selection has not taken place yet. the Layer 3 health status of the server is returned. LB_SELECTED.aFleX 2.1 7/2/2013 .222 port 7000 is UP! ***" } else { log "*** Server 10. HTTP_REQUEST.100. If you use the port option.0. HTTP_REQUEST_DATA. SERVER_CONNECTED.1. Example: when HTTP_REQUEST { if { [LB::status node 10. ACOS 2. when CLIENT_ACCEPTED { # Save the name of the VIP's default pool set default_pool [LB::server pool] } Related Information Valid Events: LB_SELECTED.222 port 7000 tcp] equals "up"} { log "*** Server 10.222 port 7000 is DOWN! ***" } } Note: 174 of 304 In AX Release 2. the health status of the port is also returned. this command supports using a variable for the protocol port number.1. CLIENT_ACCEPTED LB::status node Returns the health check status of a node. The health status returned by the command is “up” or “down”.: D-030-01-00-0007 . LB_FAILED.100. For example. LB_FAILED.3-P2 and later.100.1. SERVER_CONNECTED. If you also specify a protocol port and its transport protocol. the following is valid: Customer Driven Innovation Doc.

Syntax LB::status pool <pool_name> [member <ipaddr> [<port_num>]] [partition shared] If you specify the pool name only.12.100.A10 Thunder Series and AX Series – aFleX Reference Commands .222 7000] equals "up"} { log "member 10.: D-030-01-00-0007 .1.222 port 7000 of service group svcgroup-1 is DOWN!" } } Related Information Valid Events: All Customer Driven Innovation Doc. the health status of the group is returned.1.100. No.1 7/2/2013 175 of 304 . ACOS 2.100. Example: when HTTP_REQUEST { if { [LB::status pool svcgroup-1 member 10. the health status of the specified member or port is returned.1.7.Load-balancing (LB) Commands Example: set server_ip "192.222 port 7000 of service group svcgroup-1 is UP!" } else { log "member 10.168. If you also specify a member (node) IP address and. service port number. The health status returned by the command is “up” or “down”.0. optionally.101" set server_port "80" if { [LB::status node $server_ip port $server_port tcp] equals "up" } Related Information Valid Events: All LB::status pool Returns the health check status of a pool.aFleX 2.

HTTP Commands

HTTP::close

Inserts a “Connection: close” header and closes the HTTP connection.

Syntax
    HTTP::close

Example:

    when HTTP_RESPONSE {
        HTTP::version "0.9"
        HTTP::close
    }

Related Information
Valid Events: HTTP_REQUEST, HTTP_RESPONSE

HTTP::collect

Collects the amount of data that you specify with the <length> argument. When the system collects the specified amount of HTTP content data, it triggers aFleX event HTTP_REQUEST_DATA or HTTP_RESPONSE_DATA, depending on where the data is coming from. You can use this command with the HTTP::request or HTTP::payload <size> command.

Syntax
    HTTP::collect
Collects data. Use caution when omitting the value of the content length. Doing so can stall the connection.

    HTTP::collect [<length>]
Collects the amount of data that you specify with the <length> argument. Use caution when specifying a value larger than the size of the actual length. Doing so can stall the connection.

Note: If you specify length 0, the HTTP_RESPONSE_DATA event is not triggered since no data is collected.

If the <length> option is not used, the ACOS device behaves as follows:
• If the packet has an HTTP Content-Length header, the ACOS device collects as much data as specified by the header, up to the maximum allowed, 1.25 MB.
• If the packet does not have an HTTP Content-Length header, the ACOS device will keep collecting data until one of the following occurs:
  • 1.25 MB of data is collected (This is the maximum amount that can be collected.)
  • A zero-size chunk-encoded packet is received
  • RST is received from the server
  • FIN is received from the server
Generally, a packet without a Content-Length header will be a chunk-encoded packet.
Notes:

The ACOS device buffers the entire payload before replying to the client. If the object to be collected is very large, performance can be affected.
The HTTP::collect command is not supported if RAM caching is enabled.

If the HTTP::payload replace command is used in the same aFleX policy as the HTTP::collect command:
• For packets that do not contain chunk-encoded data, the ACOS device will replace the collected data with the specified string.
• For chunk-encoded packets, the command will de-chunk the packet first, by removing the chunk header and assembling the packet. The ACOS device will then replace the content with the new string without re-chunking the payload. The packet received by the client will not be chunk-encoded.
• In the current release, the HTTP::payload replace command only supports clear text replacement. If the server response is compressed (transfer-encoded, gz, bz, tar, and so on), this feature will not work properly.

: D-030-01-00-0007 . HTTP_RESPONSE. Previous to this releases.7.1 7/2/2013 . This command replaces the http_cookie command.A10 Thunder Series and AX Series – aFleX Reference Commands .HTTP Commands If the server does use encoded responses. For example: when HTTP_REQUEST { if { [HTTP::header exist "Accept-Encoding"] } { HTTP::header remove “Accept-Encoding” } } Note: Chunk-encoded responses are supported with this command only in AX Release 2. you can work around this by using an aFleX policy to remove the Accept-Encoding header from HTTP requests. HTTP_RESPONSE_DATA HTTP::cookie Queries for or manipulates cookies in HTTP requests and responses.aFleX 2. the command was not supported for responses that were not chunk encoded and also did not have a Content-Length header. HTTP_REQUEST_DATA.4. ACOS 2. No.2-P2 or later. The command supports compression only in AX Release 2.1 or later. Example: when HTTP_RESPONSE { if {[HTTP::status] == 205}{ HTTP::collect [HTTP::header Content-Length] } } Related Information Valid Events HTTP_REQUEST. Syntax HTTP::cookie names HTTP::cookie count HTTP::cookie [value] <name> [<string>] HTTP::cookie version <name> [version] HTTP::cookie path <name> [path] HTTP::cookie domain <name> [domain] 178 of 304 Customer Driven Innovation Doc.4.0.

HTTP::cookie ports <name> [portlist]
HTTP::cookie insert name <name> value <value> [path <path>] [domain <domain>] [version <0 | 1 | 2>]
HTTP::cookie remove <name>
HTTP::cookie sanitize [attribute]+
HTTP::cookie exists <name>
HTTP::cookie maxage <name> [seconds]
HTTP::cookie expires <name> [seconds] [absolute | relative]
HTTP::cookie comment <name> [comment]
HTTP::cookie secure <name> [enable|disable]
HTTP::cookie commenturl <name> [commenturl]
HTTP::cookie discard <name> [enable|disable]

HTTP::cookie names
Returns the names of all the cookies present in the HTTP header.
HTTP::cookie count
Returns the number of cookies present in the HTTP header.
HTTP::cookie [value] <name> [string]
Sets or gets the cookie value of the given name in an HTTP request. You can omit the keyword "value" from this command if the cookie name does not collide with any of the other commands.
HTTP::cookie version <name> [version]
Sets or gets the version of the cookie.
HTTP::cookie path <name> [path]
Sets or gets the cookie path.
HTTP::cookie domain <name> [domain]
Sets or gets the cookie domain.
HTTP::cookie ports <name> [portlist]
Sets or gets the cookie port lists for V1 cookies.
HTTP::cookie insert name <name> value <value> [path <path>] [domain <domain>] [version <0 | 1 | 2>]
Adds or replaces a cookie in an HTTP response. The default value for the version is 0.

Applies to response messages only.aFleX 2. The default number of seconds is relative. Applies to Version 1 cookies only. which is the number of seconds from the current time. Applicable only to Version 1 cookies. HTTP::cookie discard <name> [enable | disable] Sets or gets the value of the discard attribute. HTTP::cookie expires <name> [seconds] [absolute | relative] Sets or gets the expires attribute.1 7/2/2013 . Applicable only to Version 1 cookies. HTTP::cookie sanitize [attribute]+ Removes all but the specified attributes from the cookie. HTTP::cookie comment <name> [comment] Sets or gets the cookie comment. Applicable only to Version 2 cookies. and applies to response messages only. Applies to response messages only. HTTP::cookie exists <name> Returns a true value if the cookie exists. ACOS 2. and applies to response messages only. the seconds value represents number of seconds since the UNIX epoch (January 1. changes made by the HTTP::header command are discarded.0. If you specify the absolute argument.: D-030-01-00-0007 .HTTP Commands HTTP::cookie remove <name> Removes a cookie. and applies to response messages only. HTTP::cookie secure <name> [enable | disable] Sets or gets the value of the secure attribute.A10 Thunder Series and AX Series – aFleX Reference Commands . No. Applies to Version 0 cookies only.7. and applies to response messages only. Note: 180 of 304 When both HTTP::cookie and HTTP::header commands modify the same header. Customer Driven Innovation Doc. HTTP::cookie maxage <name> [seconds] Sets or gets the max-age. HTTP::cookie commenturl <name> [commenturl] Sets or gets the comment URL. 1970).

Example:
when HTTP_REQUEST {
if { [HTTP::cookie exists "cookie-name"] } {
set cookie_s [HTTP::cookie "cookie-name"]
HTTP::cookie remove "cookie-name"
HTTP::cookie insert name WLSID value $cookie_s
}
}

Related Information
Valid Events:
HTTP_REQUEST, HTTP_RESPONSE

HTTP::fallback
Specifies or overrides the fallback host specified in the HTTP profile.
Syntax
HTTP::fallback <host>
Example:
when LB_FAILED {
HTTP::fallback "http://siteunavailable.mysite.com/"
}

Related Information
Valid Events:
HTTP_REQUEST, HTTP_REQUEST_DATA

HTTP::header
Queries for or manipulates an HTTP header.
Syntax
HTTP::header [value] <name>
Returns the value of the HTTP header named <name>. You can omit the <value> argument if the header name does not collide with any of the subcommands.
HTTP::header names
Returns a list of all the headers present on the request or response.

HTTP::header count
Returns the number of HTTP headers present in the request or response.
HTTP::header at <index>
Returns the HTTP header that the ACOS device finds at the zero-based index value.
HTTP::header exists <name>
Returns true if the named header is present on the request or response.
HTTP::header insert ["lws"] <name> <value>
Inserts the named HTTP header and its value into the end of the HTTP request or response. If you specify "lws", the ACOS device adds linear white space to long header values.
HTTP::header insert ["lws"] {n1, v1, n2, v2, n3, v3, …}
Passes a Tcl list to insert into a header. In such cases, the ACOS device treats the list as a list of name/value pairs. If you specify "lws", the ACOS device adds linear white space to long header values.
HTTP::header insert_modssl_fields [addr | service]
Inserts the HTTP header field ClientIPAddress or ClientTCPService. Optional arguments for these header fields are addr and service, respectively.
HTTP::header [value] <name> <string>
Sets the value of the named header. If the header is present, the command replaces the header, otherwise, the command adds the header. You can omit the <value> argument if the header name does not collide with any other values.
HTTP::header remove <name>
Removes all headers names with the name <name>.
HTTP::header replace <name> [<string>]
Replaces the last occurrence of the named header with the string <string>. This command performs a header insertion if the header was not present.
HTTP::header sanitize <header name>+
Removes all but the headers you specify. However, the command does not remove essential HTTP headers.
This release supports the following new options for the HTTP::header command:
HTTP::header at <index> [nvp]

Returns the HTTP header that the ACOS device finds at the zero-based index value. The nvp option returns the entire header as a name-value-pair (NVP).
HTTP::header values <name>
Returns value(s) of the HTTP header named <name>. If there is a single value for the HTTP header, that value will be returned.
Note:

If there are multiple headers with the same name, the command returns a list of values for all of the headers.
Note:

When both HTTP::cookie and HTTP::header commands modify the same header, changes made by the HTTP::header command are discarded.
Example:
when HTTP_REQUEST {
if { [HTTP::header "Host"] starts_with "andrew" } {
pool andrew_pool
} else {
pool main_pool
}
}

Related Information
Valid Events:
HTTP_REQUEST, HTTP_REQUEST_SEND, HTTP_RESPONSE

HTTP::host
Returns the host name (and port, if specified) of the HTTP request. This command replaces the http_host command.
Syntax
HTTP::host
Example:
when HTTP_REQUEST {
if { [HTTP::uri] contains "secure"} {
HTTP::redirect "https://[HTTP::host][HTTP::uri]"
}
}

Related Information
Valid Events:
HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_RESPONSE

HTTP::is_keepalive
Returns a true value if this is a Keep-Alive connection.
Syntax
HTTP::is_keepalive
Example:
when HTTP_RESPONSE {
if { [HTTP::is_keepalive] } {
HTTP::close
}
}

Related Information
Valid Events:
HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_RESPONSE, HTTP_RESPONSE_DATA

HTTP::is_redirect
Returns a true value if the response is a certain type of redirect.
Syntax
HTTP::is_redirect
Example:
when HTTP_RESPONSE {
if { [HTTP::is_redirect] } {
log local0. "Request redirected."
}
}

Related Information
Valid Events:
HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_RESPONSE, HTTP_RESPONSE_DATA

HTTP::method
Returns the type of HTTP request method.
Syntax
HTTP::method
Example:
when HTTP_REQUEST {
log local0. "HTTP Method: [HTTP::method]"
}

Related Information
Valid Events:
HTTP_REQUEST, HTTP_REQUEST_DATA

HTTP::path
Returns the path part of the HTTP request.
Syntax
HTTP::path [<string>]
Example:
when HTTP_REQUEST {
log local0. "Host - [HTTP::host]"
log local0. "Path - [HTTP::path]"
}
Webmail redirect example:
https://webmail.company.com is redirected to https://webmail.company.com/exchange.

This is the correct path for exchange. Redirected traffic then passes to the
webmail pool.
when HTTP_REQUEST {
if { [HTTP::path] equals "/" } {
HTTP::redirect "https://[HTTP::host]/exchange/"
#log local0. "redirect"
} else {
pool pool_webmail
#log local0. "using pool "
}
}

Related Information
Valid Events:
HTTP_REQUEST, HTTP_REQUEST_DATA

HTTP::payload
Queries for or replaces content information. With this command, you can
retrieve content, query for content size, or replace a certain amount of content.
Syntax
HTTP::payload [<size>]
Returns the content that the HTTP::collect command has collected thus far.
If you do not specify a size, the system returns the collected content.
HTTP::payload length
Returns the size of the content that the command has collected thus far, not
including the HTTP headers.
HTTP::payload <offset> <size>
Returns the content that the HTTP::collect command has collected, starting
at <offset> with size equals <size>.
HTTP::payload replace <offset> <size> <string>
Replaces the amount of content that you specified with the <size> argument, starting at <offset> with <string>.

Example:
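when HTTP_RESPONSE {
# Collect as many bytes as the Content-Length header states
if { [HTTP::status] == 205 } {
HTTP::collect [HTTP::header Content-Length]
}
}
# Return the collected content to the client
when HTTP_RESPONSE_DATA {
HTTP::respond 200 content [HTTP::payload]
}
# Alternative handler: rewrite the collected content
when HTTP_RESPONSE_DATA {
# Size of the collected content, not including the HTTP headers
set clen [HTTP::payload length]
regsub -all "oursite" [HTTP::payload] "oursitedev" newdata
log "Replacing payload with new data."
HTTP::payload replace 0 $clen $newdata
HTTP::release
}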

Related Information
Valid Events
HTTP_REQUEST, HTTP_REQUEST_SEND, HTTP_RESPONSE,
HTTP_RESPONSE_DATA

HTTP::query
Returns the query part of the HTTP request.
Syntax
HTTP::query
Example:
when HTTP_REQUEST {
log local0. "http_path [HTTP::path]"
log local0. "http_query [HTTP::query]"
}

Related Information
Valid Events:
HTTP_REQUEST, HTTP_REQUEST_DATA


HTTP::redirect
Redirects an HTTP request or response to the specified URL.
Note:

This command sends the response to the client immediately. Therefore,
you cannot specify this command multiple times in an aFleX script, nor
can you specify any other commands that modify header or content, after
you specify this command.
Syntax
HTTP::redirect <url>

Example:
when HTTP_RESPONSE {
if { [HTTP::status] contains "404"} {
HTTP::redirect "http://www.siterequest.com/"
}
}

Related Information
Valid Events
HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_RESPONSE,
HTTP_RESPONSE_DATA

HTTP::release
Releases the collected data. Unless a subsequent HTTP::collect command was issued, there is no need to use the HTTP::release command
inside of the HTTP_REQUEST_DATA and HTTP_RESPONSE_DATA
events, since in these cases, the data is implicitly released.
Syntax
HTTP::release
Example:
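when HTTP_RESPONSE_DATA {
# Size of the collected content, not including the HTTP headers
set clen [HTTP::payload length]
regsub -all "oursite" [HTTP::payload] "oursitedev" newdata
log "Replacing payload with new data."
HTTP::payload replace 0 $clen $newdata
# Explicit release of the collected data
HTTP::release
}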

Related Information
Valid Events
HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_RESPONSE,
HTTP_RESPONSE_DATA

HTTP::request
Returns the raw request header string. You can access the request payload
using the HTTP::collect command.
Syntax
HTTP::request
Example:
when HTTP_REQUEST {
# save original request
set req [HTTP::request]
# flag as new request needing lookup
set lookup 1
# inject lookup URI in place of original request
HTTP::uri "/page.aspx?ip=[IP::client_addr]"
# set pool to lookup server pool
pool lookup_server
}

Related Information
Valid Events:
HTTP_REQUEST, HTTP_REQUEST_DATA

HTTP::request_num
Returns the number of HTTP requests that a client made on the connection.
Syntax
HTTP::request_num
Example:
when HTTP_REQUEST {
log local0. "Request number [HTTP::request_num]"
}

Related Information
Valid Events:
HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_RESPONSE,
HTTP_RESPONSE_DATA

HTTP::respond
Allows users to generate or rewrite a client request or a server response.
This is a powerful API that allows users to generate or rewrite a client
request or a server response. When the system runs the command on the client side, it sends the response to the client without any load balancing taking
place. If the system runs the command on the server side, the content from
the actual server is discarded and replaced with the information provided to
this API.
Note:

The maximum size response that can be sent using this command is
64 KB.

Note:

Because the system sends the response data immediately after this aFleX
script runs, A10 Networks recommends that you not run any more aFleX
scripts after this API.
Syntax
HTTP::respond <status code>
[content <content Value>]
[<Header name> <Header Value>]+

Example:
To send a redirect with a cookie set:
when HTTP_REQUEST {
set ckname "app"
set ckvalue "893"
set cookie [format "%s=%s; path=/; domain=%s" $ckname $ckvalue ".domain.org"]
HTTP::respond 302 Location "http://www.domain.org" "Set-Cookie" $cookie
}

Or to send an apology page from within the aFleX:
when HTTP_REQUEST {
HTTP::respond 200 content "<html><head><title>Apology Page</title></head><body>We are sorry, but the site you are looking for is temporarily out of service<br>If you feel you have reached this page in error, please try again.<p></body></html>"
}

Related Information
Valid Events
HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_RESPONSE,
HTTP_RESPONSE_DATA, LB_FAILED
Note:

The LB_FAILED event is supported for this command in AX Release
2.6.1-GR1 or higher.

HTTP::retry
Resends an HTTP request to the server. This command triggers the
HTTP_REQUEST event.
Note:

This command is supported only for virtual port types HTTP and HTTPS.
It is not supported for fast-HTTP or any of the other virtual port
types.
Syntax:
HTTP::retry

Example:
when HTTP_RESPONSE {
if { [HTTP::status] equals "503"} {
HTTP::retry
}
}

Related Information
Valid Events:
HTTP_RESPONSE, HTTP_RESPONSE_DATA

HTTP::status
Returns the response status code.
Syntax
HTTP::status


Example:
when HTTP_RESPONSE {
if { [HTTP::status] contains "404"} {
HTTP::redirect "http://www.siterequest.com/"
}
}

Related Information
Valid Events:
HTTP_RESPONSE, HTTP_RESPONSE_DATA

HTTP::stream
Replaces the specified string of an HTTP response.
Note:

In the current release, this command can perform up to 32 instances of multiple string replacements.
Syntax
HTTP::stream replace <old_string> <new_string>
Output Format
The content returned by the server can be of either a content-length or chunked header format. Regardless of whether the response from the server has a content-length or chunk-encoded header, the response format after string replacement is always chunk-encoded (a Transfer-Encoding: chunked header).
Example:
when HTTP_RESPONSE {
HTTP::stream replace "abc" "ABC"
HTTP::stream replace "x" "XYZ"
}

Related Information
Valid Events:
HTTP_RESPONSE

HTTP::uri
Returns or sets the URI of the request. This command replaces the http_uri command.
Syntax
HTTP::uri <string>
The URI string does not include the protocol (http or https) or hostname, just the path, starting with the slash after the hostname.
HTTP::uri <string>
Changes the URI passed to the server. It should always start with a slash.
Example:
when HTTP_REQUEST {
if { [HTTP::uri] ends_with "cgi" } {
pool cgi_pool
} elseif { [HTTP::uri] starts_with "/abc" } {
pool abc_servers
}
}
Make uri path start with /prefix if it doesn't already
when HTTP_REQUEST {
if { not ([HTTP::uri] starts_with "/prefix") } {
HTTP::uri /prefix[HTTP::uri]
}
}

Related Information
Valid Events:
HTTP_REQUEST, HTTP_REQUEST_DATA

HTTP::version
Returns or sets the HTTP version of the request or response. This command replaces the http_version command.
Syntax
HTTP::version ["0.9" | "1.0" | "1.1"]
Example:
when HTTP_RESPONSE {
HTTP::version "1.1"
}

Related Information
Valid Events:
HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_RESPONSE, HTTP_RESPONSE_DATA

Compression Commands
COMPRESS::disable
Disables compression for the current HTTP response.
Syntax
COMPRESS::disable
Example:
when HTTP_RESPONSE {
if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
COMPRESS::disable
}
}

Related Information
Valid Events:
HTTP_REQUEST, HTTP_RESPONSE, HTTP_RESPONSE_DATA

COMPRESS::enable
Enables compression for the current HTTP response.
Syntax
COMPRESS::enable
Example:
when HTTP_REQUEST {
if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
COMPRESS::enable
}
}

Related Information
Valid Events:
HTTP_REQUEST, HTTP_RESPONSE, HTTP_RESPONSE_DATA

COMPRESS::gzip
Sets the compression level for HTTP compression.
Syntax
COMPRESS::gzip level <level>
The <level> can be 1-9. Setting the compression level to a higher value results in more HTTP compression, at a greater CPU cost.
Note:

For best performance, A10 Networks recommends setting compression to level 1. Additional CPU usage can outweigh the benefit of a higher level. For example, setting compression to level 6 can provide equivalent performance to level 9.
Example:
when HTTP_REQUEST {
COMPRESS::gzip level 9
}

Related Information
Valid Events:
HTTP_REQUEST, HTTP_RESPONSE, HTTP_RESPONSE_DATA
Required AX Release: 2.7.0 or higher

AES Commands
Commands for performing Advanced Encryption Standard (AES) operations.
AES::decrypt
Decrypts data using an AES key.
Syntax
AES::decrypt <key> <data>

Example:
when HTTP_REQUEST {
set key [AES::key password 256]
# $encryptedData is assumed to already hold data produced by AES::encrypt
set decryptedData [AES::decrypt $key $encryptedData]
log local0. "The decrypted data is $decryptedData"
}

Related Information
Valid Events: All
Required AX Release: 2.7.0 or higher

AES::encrypt
Encrypts data using an AES key.
Syntax
AES::encrypt <key> <data>
Example:
when SERVER_DATA {
set key [AES::key password 256]
# Encrypt the collected TCP payload with the key
set encryptedData [AES::encrypt $key [TCP::payload]]
log local0. "The encrypted data is $encryptedData"
}

Related Information
Valid Events: All
Required AX Release: 2.7.0 or higher


AES::key
Creates a random key to use for encrypting/decrypting data using AES.
The key returned has the following format:
<8-byte-header><16-byte-IV><16/24/32-byte-key>
The 8-byte header is of the form “AES xxx” where xxx is 128, 192, or 256.
The resulting key file can be 40, 48, or 56 bytes long.
Syntax
AES::key <passphrase> [256 | 192 | 128]
The [256 | 192 | 128] option specifies the key length, in bits. The
default is 128.
Example:
when SERVER_DATA {
# Create a 256-bit key from the passphrase
set key [AES::key password 256]
set encryptedData [AES::encrypt $key [TCP::payload]]
log local0. "The encrypted data is $encryptedData"
}

Related Information
Valid Events: All
Required AX Release: 2.7.0 or higher


IP Commands
IP::addr
Performs comparison of IP address/subnet/supernet to IP address/subnet/
supernet. Returns 0 if no match, 1 for a match.
Note:

This command does NOT perform a string comparison. To perform a literal string comparison, simply compare the 2 strings with the appropriate
operator (equals, contains, starts_with, and so on) rather than using the
IP::addr comparison.
Syntax
IP::addr <addr1>[/<mask>] equals <addr2>[/<mask>]
IP::addr

Example:
To perform comparison of IP address 10.10.10.1 with subnet 10.0.0.0/8.
(Will return 1, since it is a match.)
[IP::addr 10.10.10.1 equals 10.0.0.0/8]
To perform comparison of client-side IP address with subnet 10.0.0.0/8.
(Will return 1 or 0, depending on client IP address.)
[IP::addr [IP::client_addr] equals 10.0.0.0/8]
To select a specific pool for a specific client IP address.
when CLIENT_ACCEPTED {
if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
pool my_pool
}
}

Related Information
Valid Events: All
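
The difference between the IP::addr comparison and a literal string comparison, modelled in Python as an added example (not aFleX code and not A10's implementation). It assumes that the broader of the two masks is applied to both operands, which reproduces the results stated above, and that operands of different IP versions never match; the function names and the sample client addresses are constructed for illustration.

```python
import ipaddress


def _parse(operand):
    """Split '<addr>[/<mask>]' into (address, prefix length).

    The mask may be a prefix length (10.0.0.0/8) or a dotted netmask
    (206.0.0.0/255.0.0.0); a bare address counts as a full-length mask.
    """
    iface = ipaddress.ip_interface(operand)
    return iface.ip, iface.network.prefixlen


def ip_addr_equals(left, right):
    """Model of `IP::addr <addr1>[/<mask>] equals <addr2>[/<mask>]`.

    Assumption: the broader (shorter) of the two masks is applied to both
    addresses before they are compared. Returns 1 for a match, 0 otherwise.
    """
    a_ip, a_len = _parse(left)
    b_ip, b_len = _parse(right)
    if a_ip.version != b_ip.version:
        return 0  # assumption: an IPv4 operand never matches an IPv6 operand
    bits = a_ip.max_prefixlen
    keep = min(a_len, b_len)
    mask = ((1 << keep) - 1) << (bits - keep)
    return int((int(a_ip) & mask) == (int(b_ip) & mask))


def string_starts_with(address, prefix):
    """What a literal starts_with test on the address string decides."""
    return int(address.startswith(prefix))


def disagreements(prefix, subnet, addresses):
    """Addresses for which the string test and the subnet test differ."""
    return [a for a in addresses
            if string_starts_with(a, prefix) != ip_addr_equals(a, subnet)]


# Constructed sample client addresses.
SAMPLE_CLIENTS = [
    "10.1.0.7",
    "10.1.255.254",
    "10.10.10.10",
    "10.100.3.4",
    "10.2.0.1",
    "172.16.32.2",
]

if __name__ == "__main__":
    # A rule meant for 10.1.0.0/16 but written as a string prefix "10.1"
    # also selects clients in 10.10.0.0/16 and 10.100.0.0/16.
    for addr in disagreements("10.1", "10.1.0.0/16", SAMPLE_CLIENTS):
        print(f"{addr}: starts_with says match, subnet comparison says no match")
```

A pool-selection or filtering rule written with starts_with should be reviewed against this kind of list before it is trusted as a subnet test.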


IP::client_addr
Returns the client IP address of a connection. This command is equivalent
to the command clientside { IP::remote_addr }.
Syntax
IP::client_addr
Example:
when CLIENT_ACCEPTED {
if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
pool my_pool
}
}

Related Information
Valid Events:
CLIENT_ACCEPTED, CLIENT_CLOSED, HTTP_REQUEST,
HTTP_REQUEST_DATA, HTTP_REQUEST_SEND,
HTTP_RESPONSE, HTTP_RESPONSE_DATA, LB_SELECTED,
SERVER_CONNECTED

IP::local_addr
This command is primarily useful for generic rules that are re-used. Also, it
is useful in reusing the connected endpoint in another statement or to make
routing type decisions. You can also specify the IP::client_addr and
IP::server_addr commands.
Syntax
IP::local_addr
Returns the IP address of the AX being used in the connection. In the clientside context, this is the destination IP address (virtual IP address). In the
serverside context, this is the source IP address (SNAT address if SNAT is
used, else spoofed client IP address).

Example:
when CLIENT_ACCEPTED {
if { [IP::addr [IP::local_addr] equals 172.16.32.2] } {
pool deprecated_site
} else {
pool current_site_pool
}
}
when SERVER_CONNECTED {
log local0. "Source IP address for connection to node: [IP::local_addr]"
}

Related Information
Valid Events:
CLIENT_ACCEPTED, CLIENT_CLOSED, HTTP_REQUEST,
HTTP_REQUEST_DATA, HTTP_REQUEST_SEND,
HTTP_RESPONSE, HTTP_RESPONSE_DATA, LB_SELECTED,
SERVER_CLOSED, SERVER_CONNECTED

IP::protocol
Returns the IP protocol value.
Syntax
IP::protocol
Example:
when CLIENT_ACCEPTED {
if { [IP::protocol] == 6 } {
pool tcp_pool
} else {
pool slow_pool
}
}

Related Information
Valid Events:
CLIENT_ACCEPTED


IP::remote_addr
Returns the IP address of the host on the far end of the connection. In the
clientside context, this is the client IP address. In the serverside context this
is the node IP address. You can also specify the IP::client_addr and
IP::server_addr commands, respectively.
Syntax
IP::remote_addr
Example:
when CLIENT_ACCEPTED {
if { [IP::addr [IP::remote_addr] equals 206.0.0.0/255.0.0.0] } {
pool clients_from_206
} else {
pool other_clients_pool
}
}
when SERVER_CONNECTED {
log local0. "Node IP address is: [IP::remote_addr]"
}

Related Information
Valid Events:
CLIENT_ACCEPTED, CLIENT_CLOSED, HTTP_REQUEST,
HTTP_REQUEST_DATA, HTTP_REQUEST_SEND,
HTTP_RESPONSE, HTTP_RESPONSE_DATA, LB_SELECTED,
SERVER_CLOSED, SERVER_CONNECTED

IP::server_addr
Returns the server’s (node’s) IP address, once a serverside connection has
been established. This command is equivalent to the command serverside
{IP::remote_addr}. The command returns 0 if the serverside connection has
not been made.
Syntax
IP::server_addr
Example:
when SERVER_CONNECTED {
log local0. "Node IP address: [IP::server_addr]"
}


Related Information
Valid Events:
HTTP_REQUEST_SEND, HTTP_RESPONSE, LB_SELECTED, SERVER_CLOSED, SERVER_CONNECTED

IP::stats
Supplies information about the number of packets or bytes being sent or received in a given connection.
Syntax
IP::stats pkts in
Returns number of packets received
IP::stats pkts out
Returns number of packets sent
IP::stats pkts
Returns a Tcl list of packets in and packets out
IP::stats bytes in
Returns number of bytes received
IP::stats bytes out
Returns number of bytes sent
IP::stats bytes
Returns Tcl list of bytes in and bytes out

Related Information
Valid Events: All

IP::tos
Selects a different pool of servers based on the ToS level within a packet. The Type of Service (ToS) standard is a means by which network equipment can identify and treat traffic differently based on an identifier. As traffic enters the site, the ACOS device can apply a rule that sends the traffic to different pools of servers based on the ToS level within a packet.
Note:

This command replaces the ip_tos command.

Syntax
IP::tos
Selects a different pool of servers based on the ToS level within a packet.
Example:
when CLIENT_ACCEPTED {
if { [IP::tos] == 16 } {
pool telnet_pool
} else {
pool slow_pool
}
}

Related Information
Valid Events:
CLIENT_ACCEPTED

IP::ttl
Returns the TTL of the current packet being acted upon.
Syntax
IP::ttl
Example:
when CLIENT_ACCEPTED {
if { [IP::ttl] < 3 } {
drop
}
}

Related Information
Valid Events:
CLIENT_ACCEPTED

IP::version
Returns the version of the current packet being acted upon.
Syntax
IP::version
Example:
when CLIENT_ACCEPTED {
if {[IP::version] eq 6} {
pool ipv6_pool
} else {
pool ipv4_pool
}
}

Related Information
Valid Events:
CLIENT_ACCEPTED

DNS Commands
DNS::additional
Returns, inserts, removes, or clears RRs from the Additional section. With no arguments, gets a tcl list of RR objects. With an argument, inserts/removes RR tcl objects in the Additional section or clears all RRs from the Additional section.
Syntax
DNS::additional [[insert | remove rr_obj] | clear]

Related Information
Valid Events:
DNS_REQUEST, DNS_RESPONSE
Required AX Release: 2.7.0 or higher

DNS::answer
Returns, inserts, removes, or clears RRs from the Answer section. With no arguments, gets a tcl list of RR objects. With an argument, inserts/removes RR tcl objects in the Answer section or clears all RRs from the Answer section.
Syntax
DNS::answer [[insert | remove rr_obj] | clear]
Example:
when DNS_RESPONSE {
set rr [DNS::rr google.com 149 IN A 74.125.224.222]
DNS::answer insert $rr
set rrs [DNS::answer]
log "rrs = '$rrs'"
}
Example:
when DNS_RESPONSE {
set rrs [DNS::answer]
set i 0
foreach rr $rrs {
log "i = $i rr = '$rr'"
incr i
}
set rr1 [lindex $rrs 0]
log "remove rr1 = '$rr1'"
DNS::answer remove $rr1
set k 0
foreach rr [DNS::answer] {
log "k = $k rr = '$rr'"
incr k
}
}

Related Information
Valid Events:
DNS_REQUEST, DNS_RESPONSE
Required AX Release: 2.7.0 or higher

DNS::authority
Returns, inserts, removes, or clears RRs from the Authority section. With no arguments, gets a tcl list of RR objects. With an argument, inserts/removes RR tcl objects in the Authority section or clears all RRs from the Authority section.

Syntax
    DNS::authority [[insert | remove rr_obj] | clear]

Example:
The following script changes the TTL of all Answer records and adds a glue record.
    when DNS_RESPONSE {
        set rrs [DNS::answer]
        foreach rr $rrs {
            DNS::ttl $rr 1234
        }
        set new_rr [DNS::rr "webserv1.yahoo.com. 88 IN A 1.2.3.4"]
        DNS::additional insert $new_rr
    }

Example:
    when DNS_RESPONSE {
        set rrs [DNS::answer]
        set i 0
        foreach rr $rrs {
            log " i = $i rr ='$rr'"
            incr i
        }
        set rrs2 [DNS::authority]
        set j 0
        foreach rr2 $rrs2 {
            log "j = $j rr2 = '$rr2'"
            incr j
        }
        DNS::authority clear
    }
    when DNS_RESPONSE {
        set rrs2 [DNS::authority]
        set rr2 [lindex $rrs2 1]
        DNS::authority remove $rr2
    }

Related Information
Valid Events: DNS_REQUEST, DNS_RESPONSE
Required AX Release: 2.7.0 or higher

DNS::header
Gets or sets simple bits or byte fields. Return value is always an integer except for successful recognition of the rcode or opcode fields, where a string is returned.

The rcode can be one of the following:
• NOERROR
• FORMERR
• SERVFAIL
• NXDOMAIN
• NOTIMPL
• REFUSED
• YXDOMAIN
• YXRRSET
• NXRRSET
• NOTAUTH
• NOTZONE

The opcode can be one of the following:
• QUERY
• IQUERY
• STATUS
• NOTIFY
• UPDATE

Syntax
    DNS::header <id | qr | opcode | aa | tc | rd | ra | ad | cd | rcode> [value]
Returns a read-only value.
    DNS::header <qdcount | ancount | nscount | arcount> [value]

Example:
These log statements can be used to see all questions and responses:
    when DNS_REQUEST {
        # debugging statement see all questions and request details
        log local0. "Client: [IP::client_addr] Question:[DNS::question name] Type:[DNS::question type] Class:[DNS::question class] Origin:[DNS::origin]"
        set fqdn [DNS::question name]
    }
    when DNS_RESPONSE {
        # debugging statement to see all questions and response details
        log local0. "Request: $fqdn Answer: [DNS::answer] Origin:[DNS::origin] Status: [DNS::header rcode] Flags: RD [DNS::header rd] RA [DNS::header ra]"
    }

Example:
    when DNS_REQUEST {
        log "query id [DNS::header id] qr: [DNS::header qr] opcode: [DNS::header opcode]"
    }
    when DNS_RESPONSE {
        log "qr: [DNS::header qr] rcode: [DNS::header rcode] ra: [DNS::header ra]"
    }

Related Information
Valid Events: DNS_REQUEST, DNS_RESPONSE
Required AX Release: 2.7.0 or higher

DNS::len
Returns the DNS packet message length.

Syntax
    DNS::len

Example:
    when DNS_REQUEST {
        set len [DNS::len]
        log "dns query pkt len = $len"
    }

Example:
    when DNS_RESPONSE {
        set len [DNS::len]
        log "dns reply pkt len = $len"
    }

Related Information
Valid Events: DNS_REQUEST, DNS_RESPONSE
Required AX Release: 2.7.0 or higher

DNS::query
Returns a tcl list of RR tcl objects lists, one for each section: Answer, Authority, and Additional. Constructs and sends a query to the DNS-Express database for a name and type (IN class only).

Syntax
    DNS::query <target> <name> <type> [dnssec]

The <target> can be “dnsx”. The <name> is the FQDN (for example, “www.example.com”). The <type> specifies the record type (A, AAAA, MX, NPTR, and so on).

The dnssec option gets DNSSEC data.

Example:
The following script inserts a DNS Express response.
    when DNS_RESPONSE {
        set rrsl [DNS::query dnsx nameserver.org SOA]
        foreach rrs $rrsl {
            foreach rr $rrs {
                if { [DNS::type $rr] equals "SOA" } {
                    DNS::additional insert $rr
                }
            }
        }
    }

Related Information
Valid Events: DNS_REQUEST, DNS_RESPONSE
Required AX Release: 2.7.0 or higher

DNS::question
Gets or sets the question field value. The return types for name, type, and class are all strings. Type returns/accepts any of the valid DNS types defined in the RFCs. The class returns/accepts IN, CH, and HS.

Note: A question RR has no rdata and only requests with qdcount == 1 are accepted.

Syntax
    DNS::question <name | type | class> [value]

Example:
    when DNS_REQUEST {
        if {[DNS::question name] contains "www.domain1.com"} {
            log "query name: [DNS::question name]"
            DNS::question name "www.domain2.com"
        }
    }
    when DNS_RESPONSE {
        if {[DNS::question name] contains "www.domain2.com"} {
            log "response query name: [DNS::question name]"
            DNS::question name "www.domain1.com"
        }
    }

Related Information
Valid Events: DNS_REQUEST, DNS_RESPONSE
Required AX Release: 2.7.0 or higher

DNS::class
Gets or sets the resource record class field (IN, CH, HS, and so on).

Syntax
    DNS::class <rr_obj> [value]

Example:
    when DNS_RESPONSE {
        set rr [DNS::rr google.com 149 IN A 74.125.224.222]
        # Save the current class before overwriting it
        set old_class [DNS::class $rr]
        DNS::class $rr "HS"
        DNS::answer insert $rr
    }

Related Information
Valid Events: DNS_REQUEST, DNS_RESPONSE
Required AX Release: 2.7.0 or higher

DNS::name
Gets or sets the resource record name field (FQDN), for example, “www.example.com”.

Syntax
    DNS::name <rr_obj> [value]

Example:
    when DNS_RESPONSE {
        set rr [DNS::rr google.com 149 IN A 74.125.224.222]
        set old_name [DNS::name $rr]
        DNS::name $rr "yahoo.com"
        DNS::answer insert $rr
    }

Related Information
Valid Events: DNS_REQUEST, DNS_RESPONSE
Required AX Release: 2.7.0 or higher

DNS::rdata
Gets or sets the resource record rdata field.

Syntax
    DNS::rdata <rr_obj> [value]

Example:
    when DNS_RESPONSE {
        set rr [DNS::rr google.com 149 IN A 74.125.224.222]
        set old_rdata [DNS::rdata $rr]
        DNS::rdata $rr "10.1.1.100"
        DNS::answer insert $rr
    }

Related Information
Valid Events: DNS_REQUEST, DNS_RESPONSE
Required AX Release: 2.7.0 or higher

DNS::rr
Creates a new resource record object with the specified attributes or as a complete string.

Syntax
    DNS::rr <name> <type> <class> <ttl> <rdata...> | <string>>

The <name> is the FQDN (for example, “www.example.com”). The <type> specifies the record type (A, AAAA, MX, NPTR, and so on). The <class> specifies the DNS class (IN, CH, HS, and so on). The <rdata> value depends on the type of RR. For example for an A record, the <rdata> will be an IP address (“X.X.X.X”).

Example:
    when DNS_RESPONSE {
        set rr [DNS::rr www.domain1.com 149 IN A 255.255.255.255]
        log "rr = $rr"
    }
    when DNS_RESPONSE {
        set name [DNS::question name]
        set rr1 [DNS::rr $name IN CNAME vip.a10.com]
        DNS::answer insert $rr1
    }

Related Information
Valid Events: DNS_REQUEST, DNS_RESPONSE
Required AX Release: 2.7.0 or higher

DNS::ttl
Gets or sets the resource record TTL field.

Syntax
    DNS::ttl <rr_obj> [value]

Example:
The following script removes SOA records from the Answer section.
    when DNS_RESPONSE {
        set rrs [DNS::answer]
        foreach rr $rrs {
            if { [DNS::type $rr] equals "SOA" } {
                DNS::answer remove $rr
            }
        }
    }

Example:
    when DNS_RESPONSE {
        set rr [DNS::rr google.com 149 IN A 74.125.224.222]
        # Save the current TTL before overwriting it
        set old_ttl [DNS::ttl $rr]
        DNS::ttl $rr 200
        DNS::answer insert $rr
    }

Related Information
Valid Events: DNS_REQUEST, DNS_RESPONSE
Required AX Release: 2.7.0 or higher

DNS::type
Gets or sets the resource record type field (A, AAAA, MX, NPTR, and so on).

Syntax
    DNS::type <rr_obj> [value]

Example:
    when DNS_RESPONSE {
        set rr [DNS::rr google.com 149 IN A 74.125.224.222]
        set old_type [DNS::type $rr]
        DNS::type $rr "CNAME"
        DNS::answer insert $rr
    }

Related Information
Valid Events: DNS_REQUEST, DNS_RESPONSE
Required AX Release: 2.7.0 or higher

DNS::return
Skips all further processing after tcl execution and sends the DNS packet in the opposite direction.

Syntax
    DNS::return

Example:
    when DNS_REQUEST {
        if { [DNS::question name] contains "a10.com" } {
            DNS::header qr 1
            DNS::header ra 1
            set name [DNS::question name]
            set rr1 [DNS::rr $name 65000 IN CNAME vip.a10.com]
            DNS::answer insert $rr1
            DNS::return
        }
    }

Related Information
Valid Events: DNS_REQUEST, DNS_RESPONSE
Required AX Release: 2.7.0 or higher

DNS::cache
Controls the DNS cache access and update for the current DNS session.

Syntax
    DNS::cache <enable | disable>
Enables or disables the DNS cache for the current DNS session.
    DNS::cache update
Updates the DNS cache with content changed through aFleX.

Note: This command is only effective when global DNS cache or a DNS cache template is enabled.

If a DNSSEC query, bypass the cached response.

Example:
    when DNS_REQUEST {
        if {[DNS::is_dnssec]} {
            log "This is DNSSEC request!"
            DNS::cache disable
        }
    }

Update the DNS cache with an aFleX change.

Example:
    when DNS_RESPONSE {
        set rrs [DNS::answer]
        # Pick the first Answer record as the one to remove
        set rr1 [lindex $rrs 0]
        DNS::answer remove $rr1
        DNS::cache update
    }

Related Information
Valid Events: DNS_REQUEST, DNS_RESPONSE
Required AX Release: 2.7.0 or higher

DNS::is_dnssec
Checks for a DNSSEC query or reply.

Syntax
    DNS::is_dnssec
Returns a value of 1 if true, and 0 if false.

Example:
    when DNS_REQUEST {
        if {[DNS::is_dnssec]} {
            log "This is DNSSEC request!"
        }
    }

Related Information
Valid Events: DNS_REQUEST, DNS_RESPONSE
Required AX Release: 2.7.0 or higher

DNS::opt
Gets or sets the parameters of a DNS OPT record. If there is no OPT record in the DNS content, the return value is NULL for ‘get’ commands.

Syntax
    DNS::opt do [value]
Gets or sets the DO value for DNSSEC in an OPT record.
    DNS::opt rcode [value]
Gets or sets the extended RCODE value in an OPT record.
    DNS::opt udpsize [value]
Gets or sets the UDP size value in an OPT record.
    DNS::opt version [value]
Gets or sets the version in an OPT record.

Example:
    when DNS_REQUEST {
        if {[DNS::is_dnssec]} {
            log "This is DNSSEC request!"
            log "The UDP bufsize = [DNS::opt udpsize]"
        }
    }
    when DNS_RESPONSE {
        if {[DNS::opt do]} {
            DNS::opt udpsize 8196
        }
    }

Related Information
Valid Events: DNS_REQUEST, DNS_RESPONSE
Required AX Release: 2.7.0 or higher

DNS Example
The following script uses some of the DNS commands described above to perform DNS blackholing of malware sites. When a user sends a query, the script inspects the destination. If the destination matches a list of well-known malware domains, the script returns the address of an internal site where remediation, or at least notification, can take place. In either event, the request is not sent to the malicious destination. The user and organization are protected.

The black-listed domains can be imported into a class list. You can import black-listed domains from the big list at the following site:
mirror1.malwaredomains.com

Here is an example class list:
    class-list Blacklist string
    str ".abbcp.cn" "type1"
    str ".3dglases-panasonic-tv.com" "type2"
    …

The first field is the domain, and the second field is a type description. The first will match your traffic, the second is strictly for classification purposes and can be edited as necessary.

    when RULE_INIT {
        # Set IPV4 address that is returned for Blacklist matches for A records
        set static::BL_reply_IPV4 "10.10.20.50"
        # Set TTL used for all Blacklisted replies
        set static::BL_ttl "300"
    }
    when DNS_REQUEST {
        # BL_Match is used to track when a Query matches the blacklist
        # (always set to 0 or false at beginning of the DNS request)
        set BL_Match 0
        # BL_Type is used to track why this FQDN was added to the BL_Class
        set BL_Type ""
        # Default for a root (".") query, so that $fqdn is always defined
        set fqdn [DNS::question name]
        # When FQDN from DNS Query is checked against the Blacklist class
        # the FQDN must start with a period. This ensures we match a FQDN and
        # all names to the left of it. Prevents malware from dynamically
        # prepending characters to the domain name to bypass exact matches
        if {!([DNS::question name] equals ".")} {
            set fqdn .[DNS::question name]
        }
        if { [CLASS::match $fqdn ends_with Blacklist] } {
            # Client made a DNS request for a Blacklisted site.
            set BL_Match 1
            set BL_Type [CLASS::match $fqdn ends_with Blacklist value]
            # Prevent processing by listener's pool. (To ensure we don't request
            # a prohibited site and allow their server to track the source IP)
            DNS::return
        }
    }
    when DNS_RESPONSE {
        if { $BL_Match } {
            # This DNS request was for a Blackhole FQDN. Take different actions based on the request type.
            switch [DNS::question type] {
                "A" {
                    # Clear out any DNS responses and insert the custom response. RA header = recursive answer
                    DNS::answer clear
                    DNS::answer insert "[DNS::question name]. $static::BL_ttl [DNS::question class] [DNS::question type] $static::BL_reply_IPV4"
                    DNS::header ra "1"
                    # log example:
                    # Blacklist: 10.1.1.148#4902 requested foo.com query type: A class IN A-response: 10.1.1.60
                    log -noname local0. "Blacklist: [IP::client_addr]#[UDP::client_port] requested [DNS::question name] query type: [DNS::question type] class [DNS::question class] A-response: $static::BL_reply_IPV4 BH type: $BL_Type"
                }
                "AAAA" {
                    # Code to handle IPv6 in a similar manner omitted for clarity ...
                }
                default {
                    # For other record types, e.g. MX, NS, TXT, etc., provide a blank NOERROR response
                    DNS::last_act reject
                    # log example:
                    # Blacklist: 10.1.1.148#4902 requested foo.com query type: A class IN unable to respond
                    log -noname local0. "Blackhole: [IP::client_addr]#[UDP::client_port] requested [DNS::question name] query type: [DNS::question type] class [DNS::question class] unable to respond BH type: $BL_Type"
                }
            }
        }
    }
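The leading-period suffix match used by the blackhole script, modelled in plain Tcl for tclsh. This is an added example, not code from the A10 reference; the proc names and the class-list entries are hypothetical and constructed, and no aFleX command is called. It compares the period-prefixed match with an exact match and with a suffix match that omits the period.

```tcl
# Added illustration in plain Tcl (run with tclsh). It models the matching
# logic only; all proc names and sample entries are hypothetical.

# Constructed class-list contents: {suffix type} pairs. Every suffix starts
# with a period, like the entries in the Blacklist class list.
set blacklist {
    .malware-test.example  type1
    .bad-cdn.example       type2
}

# True when $str ends with $suffix (plain string comparison, no globbing).
proc ends_with {str suffix} {
    set start [expr {[string length $str] - [string length $suffix]}]
    expr {$start >= 0 && [string range $str $start end] eq $suffix}
}

# DNS names compare case-insensitively and may carry a trailing root dot.
proc normalize {qname} {
    string tolower [string trimright $qname "."]
}

# Models the script's check: prepend a period, then suffix-match.
# Returns the entry's type string, or "" when nothing matches.
proc match_dotted {qname blacklist} {
    set name [normalize $qname]
    if {$name eq ""} { return "" }   ;# root query "."
    foreach {suffix type} $blacklist {
        if {[ends_with ".$name" [string tolower $suffix]]} { return $type }
    }
    return ""
}

# Exact match on the listed name only: misses every subdomain.
proc match_exact {qname blacklist} {
    set name [normalize $qname]
    foreach {suffix type} $blacklist {
        if {$name eq [string range [string tolower $suffix] 1 end]} { return $type }
    }
    return ""
}

# Suffix match without the period: also hits unrelated names that merely
# end in the same characters.
proc match_bare {qname blacklist} {
    set name [normalize $qname]
    if {$name eq ""} { return "" }
    foreach {suffix type} $blacklist {
        if {[ends_with $name [string range [string tolower $suffix] 1 end]]} { return $type }
    }
    return ""
}

# Print "-" for "no match" so the columns stay readable.
proc show {v} {
    if {$v eq ""} { return "-" }
    return $v
}

# Constructed query names covering the interesting cases.
set queries {
    malware-test.example
    a.b.malware-test.example
    MALWARE-TEST.example.
    notmalware-test.example
    malware-test.example.org
    .
}

puts [format "%-28s %-8s %-8s %-8s" query exact bare dotted]
foreach q $queries {
    puts [format "%-28s %-8s %-8s %-8s" $q \
        [show [match_exact  $q $blacklist]] \
        [show [match_bare   $q $blacklist]] \
        [show [match_dotted $q $blacklist]]]
}
```

Only the period-prefixed form blocks the listed name together with every subdomain while leaving notmalware-test.example, a different registration, untouched.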

SIP Commands

SIP::call_id
Returns the value of the Call-ID header in a SIP request.

Syntax
    SIP::call_id

Example:
See “SIP Command Examples” on page 227.

Related Information
Valid Events: SIP_REQUEST, SIP_REQUEST_SEND, SIP_RESPONSE

SIP::from
Returns the value of the “From” header in a SIP request.

Syntax
    SIP::from

Example:
See “SIP Command Examples” on page 227.

Related Information
Valid Events: SIP_REQUEST, SIP_REQUEST_SEND, SIP_RESPONSE

SIP::header
Returns SIP header “header-name”.

Syntax
    SIP::header [<value>] “header-name” [<index>]

The <value> option specifies the header value. The <index> option indicates the header to act upon, in cases where there are multiple header levels. Without the <index> option, the first instance of the header is acted upon by the aFleX policy.

Example:
See “SIP Command Examples” on page 227.

Related Information
Valid Events: SIP_REQUEST, SIP_REQUEST_SEND, SIP_RESPONSE

SIP::header insert
Inserts the specified SIP header-name:header-value pair at position <index>.

Syntax
    SIP::header insert “header-name” “header-value” <index>

If you do not specify the <index>, the header is inserted prior to any preexisting header of the same name and value. If no such header exists, a “via” header is inserted at the head of the SIP headers, and others are inserted at the tail.

Example:
See “SIP Command Examples” on page 227.

Related Information
Valid Events: SIP_REQUEST, SIP_REQUEST_SEND, SIP_RESPONSE

SIP::method
Returns the type of the SIP request method.

Syntax
    SIP::method

Example:
See “SIP Command Examples” on page 227.

Related Information
Valid Events: SIP_REQUEST, SIP_REQUEST_SEND, SIP_RESPONSE

SIP::respond
Sends back a response with the specified code, phrase, if specified, and header-name:header-value pair, if specified.

Syntax
    SIP::respond code <"phrase" <"header-name" "header-value">>

Example:
See “SIP Command Examples” on page 227.

Related Information
Valid Events: SIP_REQUEST, SIP_REQUEST_SEND, SIP_RESPONSE

SIP::response
Gets the SIP response code or response phrase, or rewrites the response code and phrase.

Syntax
    SIP::response code
Gets the SIP response code.
    SIP::response phrase
Gets the response phrase.
    SIP::response rewrite code <phrase>
Rewrites the response code and phrase.

Example:
See “SIP Command Examples” on page 227.

Related Information
Valid Events: SIP_REQUEST, SIP_REQUEST_SEND, SIP_RESPONSE

SIP::to
Returns the value of the “To” header in the SIP request.

Syntax
    SIP::to

Example:
See “SIP Command Examples” on page 227.

Related Information
Valid Events: SIP_REQUEST, SIP_REQUEST_SEND, SIP_RESPONSE

SIP::uri
Returns the complete URI of the request.

Syntax
    SIP::uri

Example:
See “SIP Command Examples” on page 227.

Related Information
Valid Events: SIP_REQUEST, SIP_REQUEST_SEND, SIP_RESPONSE

SIP::via
Gets SIP “via” information.

Syntax
    SIP::via [<index>]
Gets the information in the SIP “via” header. If you specify the <index>, only the information at the specified index level is returned.
    SIP::via proto [<index>]
Gets the protocol part of the SIP via at the specified index level. If you specify the <index>, only the information at the specified index level is returned.

    SIP::via sent_by [<index>]
Gets the sent_by part of the SIP via at the specified index level. If you specify the <index>, only the information at the specified index level is returned.
    SIP::via received [<index>]
Gets the received attribute of the SIP via at the specified index level. If you specify the <index>, only the information at the specified index level is returned.
    SIP::via branch [<index>]
Gets the branch attribute of the SIP via at the specified index level. If you specify the <index>, only the information at the specified index level is returned.
    SIP::via maddr [<index>]
Gets the maddr attribute of the SIP via at the specified index level. If you specify the <index>, only the information at the specified index level is returned.
    SIP::via ttl [<index>]
Gets the TTL attribute of the SIP via at the specified index level.

Example:
See “SIP Command Examples” on page 227.

Related Information
Valid Events: SIP_REQUEST, SIP_REQUEST_SEND, SIP_RESPONSE

SIP Command Examples

Example 1:
    when SIP_REQUEST {
        if { [SIP::method] contains "SUBSCRIBE" } {
            log "***************** SIP-REQUEST *******************"
            log "SIP::call_id is [SIP::call_id]"
            log "---------------------------------------------------"
            log "SIP::from is [SIP::from]"
            log "---------------------------------------------------"
            log "SIP::header Via [SIP::header Via]"
            log "SIP::header Via value index0 [SIP::header value Via 0]"
            log "SIP::header Via index9 [SIP::header Via 9]"
            log "SIP::header From [SIP::header From]"
            log "SIP::header value From index0 [SIP::header value From 0]"
            log "SIP::header From index9 <not exist> [SIP::header From 9]"
            log "SIP::header To [SIP::header To]"
            log "SIP::header To index0 [SIP::header To 0]"
            log "SIP::header value To index9 <not exist> [SIP::header value To 9]"
            log "SIP::header Call-ID [SIP::header Call-ID]"
            log "SIP::header value Call-ID index0 [SIP::header value Call-ID 0]"
            log "SIP::header value Call-ID index9 <not exist> [SIP::header value Call-ID 9]"
            log "SIP::header CSeq [SIP::header CSeq]"
            log "SIP::header CSeq value index0 [SIP::header value CSeq 0]"
            log "SIP::header CSeq index9 <not exist> [SIP::header CSeq 9]"
            log "SIP::header Contact [SIP::header Contact]"
            log "SIP::header value Contact index0 [SIP::header value Contact 0]"
            log "SIP::header Contact index9 <not exist> [SIP::header Contact 9]"
            log "SIP::header Max-Forwards [SIP::header Max-Forwards]"
            log "SIP::header Event [SIP::header Event]"
            log "SIP::header User-Agent [SIP::header User-Agent]"
            log "SIP::header Expires [SIP::header Expires]"
            log "SIP::header Allow [SIP::header Allow]"
            log "SIP::header Accept [SIP::header Accept]"
            log "SIP::header Content-length [SIP::header Content-length]"
            log "SIP::header abc <not valid header> [SIP::header abc]"
            log "---------------------------------------------------"
            SIP::header remove Via
            log "SIP::header remove Via [SIP::header Via]"
            SIP::header remove From
            log "SIP::header remove From [SIP::header From]"
            log "---------------------------------------------------"
            log "SIP::header Via 0 (request) [SIP::header Via 0]"
            log "SIP::response code [SIP::response code]"
            SIP::header insert Via "SIP/10.0/UDP ss.under.test.com:5070;ttl=1;maddr=3ffe:501:ffff:50::51;branch=z9hG4bK721e418c4.1" 10
            SIP::header insert event "SIP/2.0/UDP ss.under.test.com:5070;ttl=1;maddr=3ffe:501:ffff:50::51;branch=z9hG4bK721e418c4.1;received=3ffe:501:ffff:50::50" 1
            # log "Event 0 is [SIP::header event]"
            SIP::header insert From "<sip:218@mysip.com>;tag=1043119751"
            log "SIP::header insert From index1 [SIP::header From]"
            log "SIP::header From [SIP::header From]"
            SIP::header insert Via "SIP/2.0/UDP 171.1.1.217:5060;rport;branch=z9hG4bk11229103"
            log "SIP::header insert Via [SIP::header Via]"
            log "SIP::header From(2) [SIP::header From]"
            log "SIP::header insert xyz index9 [SIP::header insert xyz "x y z" 9]"
            log "---------------------------------------------------"
            log "SIP::method [SIP::method]"
            log "---------------------------------------------------"
            SIP::respond 401 "no way" From "future"
            log "---------------------------------------------------"
            log "SIP::response [SIP::response code]"
            log "SIP::response phase [SIP::response phrase]"
            SIP::response rewrite 402 "no xxx"
            log "SIP::response rewrite code phrase [SIP::response code]"
            log "---------------------------------------------------"
            log "SIP::to [SIP::to]"
            log "---------------------------------------------------"
            log "SIP::uri [SIP::uri]"
            log "---------------------------------------------------"
            log "SIP::via [SIP::via]"
            log "SIP::via index0 [SIP::via 0]"
            log "SIP::via index9 [SIP::via 9]"
            log "SIP::via proto [SIP::via proto]"
            log "SIP::via proto index0 [SIP::via proto 0]"
            log "SIP::via proto index9 [SIP::via proto 9]"
            log "SIP::via sent_by [SIP::via sent_by]"
            log "SIP::via sent_by index0 [SIP::via sent_by 0]"
            log "SIP::via sent_by index9 [SIP::via sent_by 9]"
            log "SIP::via received [SIP::via received]"
            log "SIP::via received index0 [SIP::via received 0]"
            log "SIP::via received index9 [SIP::via received 9]"
            log "SIP::via branch [SIP::via branch]"
            log "SIP::via branch index0 [SIP::via branch 0]"
            log "SIP::via branch index9 [SIP::via branch 9]"
            log "SIP::via maddr [SIP::via maddr]"
            log "SIP::via maddr index0 [SIP::via maddr 0]"
            log "SIP::via maddr index9 [SIP::via maddr 9]"
            log "SIP::via ttl [SIP::via ttl]"
            log "SIP::via ttl index0 [SIP::via ttl 0]"
            log "SIP::via ttl index9 [SIP::via ttl 9]"
        }
    }

Example 2:
    when SIP_RESPONSE {
        if { [SIP::response code] equals "401" } {
            SIP::response rewrite 411 Phrase_Unauthorized
            log "SIP::response code [SIP::response code]"
            log "SIP::response phrase [SIP::response phrase]"
        }
        if { [SIP::response code] equals "501" } {
            SIP::response rewrite 511 Phrase_Not_Implemented
            log "SIP::response code [SIP::response code]"
            log "SIP::response phrase [SIP::response phrase]"
        }
        if { [SIP::response code] equals "200" } {
            SIP::response rewrite 210 okok
            log "SIP::response code [SIP::response code]"
            log "SIP::response phrase [SIP::response phrase]"
        }
    }

Example 3:
    when SIP_REQUEST_SEND {
        if { [SIP::method] contains "SUBSCRIBE" } {
            log "***************** SIP-REQUEST-SEND *******************"
            log "SIP::header Via 1 (request_sent) [SIP::header Via 1]"
            log "SIP::call_id is [SIP::call_id]"
            log "---------------------------------------------------"
            log "SIP::from is [SIP::from]"
            log "---------------------------------------------------"
            log "SIP::header Via [SIP::header Via]"
            log "SIP::header Via value index0 [SIP::header value Via 0]"
            log "SIP::header Via index9 [SIP::header Via 9]"
            log "SIP::header From [SIP::header From]"
            log "SIP::header value From index0 [SIP::header value From 0]"
            log "SIP::header From index9 <not exist> [SIP::header From 9]"
            log "SIP::header To [SIP::header To]"
            log "SIP::header To index0 [SIP::header To 0]"
            log "SIP::header value To index9 <not exist> [SIP::header value To 9]"
            log "SIP::header Call-ID [SIP::header Call-ID]"
            log "SIP::header value Call-ID index0 [SIP::header value Call-ID 0]"
            log "SIP::header value Call-ID index9 <not exist> [SIP::header value Call-ID 9]"
            log "SIP::header CSeq [SIP::header CSeq]"
            log "SIP::header CSeq value index0 [SIP::header value CSeq 0]"
            log "SIP::header CSeq index9 <not exist> [SIP::header CSeq 9]"
            log "SIP::header Contact [SIP::header Contact]"
            log "SIP::header value Contact index0 [SIP::header value Contact 0]"
            log "SIP::header Contact index9 <not exist> [SIP::header Contact 9]"
            log "SIP::header Max-Forwards [SIP::header Max-Forwards]"
            log "SIP::header Event [SIP::header Event]"
            log "SIP::header User-Agent [SIP::header User-Agent]"
            log "SIP::header Expires [SIP::header Expires]"
            log "SIP::header Allow [SIP::header Allow]"
            log "SIP::header Accept [SIP::header Accept]"
            log "SIP::header Content-length [SIP::header Content-length]"
            log "SIP::header abc <not valid header> [SIP::header abc]"
            log "---------------------------------------------------"
            SIP::header remove Via
            log "SIP::header remove Via [SIP::header Via]"
            SIP::header remove From
            log "SIP::header remove From [SIP::header From]"
            SIP::header remove From
            log "SIP::header remove From [SIP::header From]"
            SIP::header remove abc
            log "SIP::header remove index To [SIP::header abc]"
            log "---------------------------------------------------"
            SIP::header insert From "<sip:218@mysip.com>;tag=1043119751"
            log "SIP::header insert From index1 [SIP::header From]"
            log "SIP::header From [SIP::header From]"
            SIP::header insert Via "SIP/2.0/UDP 171.1.1.217:5060;rport;branch=z9hG4bk11229103"
            log "SIP::header insert Via [SIP::header Via]"
            log "SIP::header From(2) [SIP::header From]"
            log "SIP::header insert xyz index9 [SIP::header insert xyz "x y z" 9]"
            log "---------------------------------------------------"
            log "SIP::method [SIP::method]"
            log "---------------------------------------------------"
            SIP::respond 401 "no way" From "future"
            log "---------------------------------------------------"
            log "SIP::response [SIP::response code]"
            log "SIP::response phase [SIP::response phrase]"
            SIP::response rewrite 402 "no xxx"
            log "SIP::response rewrite code phrase [SIP::response code]"
            log "---------------------------------------------------"
            log "SIP::to [SIP::to]"
            log "---------------------------------------------------"
            log "SIP::uri [SIP::uri]"
            log "---------------------------------------------------"
            log "SIP::via [SIP::via]"
            log "SIP::via index0 [SIP::via 0]"
            log "SIP::via index9 [SIP::via 9]"
            log "SIP::via proto [SIP::via proto]"
            log "SIP::via proto index0 [SIP::via proto 0]"
            log "SIP::via proto index9 [SIP::via proto 9]"
            log "SIP::via sent_by [SIP::via sent_by]"
            log "SIP::via sent_by index0 [SIP::via sent_by 0]"
            log "SIP::via sent_by index9 [SIP::via sent_by 9]"
            log "SIP::via received [SIP::via received]"
            log "SIP::via received index0 [SIP::via received 0]"
            log "SIP::via received index9 [SIP::via received 9]"
            log "SIP::via branch [SIP::via branch]"
            log "SIP::via branch index0 [SIP::via branch 0]"
            log "SIP::via branch index9 [SIP::via branch 9]"
            log "SIP::via maddr [SIP::via maddr]"
            log "SIP::via maddr index0 [SIP::via maddr 0]"
            log "SIP::via maddr index9 [SIP::via maddr 9]"
            log "SIP::via ttl [SIP::via ttl]"
            log "SIP::via ttl index0 [SIP::via ttl 0]"
            log "SIP::via ttl index9 [SIP::via ttl 9]"
        }
    }

Policy-Based SLB Commands

POLICY::bwlist id
Returns the group ID associated with an IP address in a black/white list.

Syntax
    POLICY::bwlist id <ip> [<bwlist_name>]

Specifying a black/white list name is optional. If you specify a list name, the ACOS device looks in the specified list. If you do not specify a list name, the ACOS device looks in the black/white list that is bound to the same virtual port to which the aFleX policy is bound.

Example:
    when HTTP_REQUEST {
        set client_addr [IP::client_addr]
        set group_id [ POLICY::bwlist id $client_addr ]
        set bwfile_group_id [ POLICY::bwlist id $client_addr bwfile ]
        if { $group_id equals 10 } {
            pool sg1
        } elseif { $bwfile_group_id equals 20 } {
            pool sg2
        } else {
            reject
        }
    }

Related Information
Valid Events: All

RAM Caching Commands

CACHE::age
Returns the age of a cached object. The age is the number of seconds the object has been in the cache.

Syntax
    CACHE::age

Example:
    when CACHE_REQUEST {
        if { [CACHE::age] > 60 } {
            CACHE::expire
            log local0. "Expiring content: Age > 60 seconds"
        }
    }

Related Information
Valid Events: CACHE_REQUEST, CACHE_RESPONSE
Required AX Release: 2.6.1 or higher

CACHE::disable
Disables caching for the current HTTP request.

Syntax
    CACHE::disable

Example:
    when HTTP_REQUEST {
        if { not ([HTTP::uri] contains "images") } {
            CACHE::disable
        }
    }

Related Information
Valid Events: HTTP_REQUEST, HTTP_RESPONSE, CACHE_REQUEST, CACHE_RESPONSE
Required AX Release: 2.6.1 or higher

CACHE::enable
Forces caching of an object.

Syntax
CACHE::enable [<age>]

The age option specifies how long (in seconds) the object should be cached. If you do not specify an age, the age specified in the RAM caching template is used.

Example:
when HTTP_REQUEST {
    if { [HTTP::uri] contains "images" } {
        CACHE::enable 10000
    }
}

Related Information
Valid Events: HTTP_REQUEST, HTTP_RESPONSE, CACHE_REQUEST, CACHE_RESPONSE
Required AX Release: 2.6.1 or higher

CACHE::expire
Forces a cached object to be revalidated from the server.

Syntax
CACHE::expire

Example:
when CACHE_RESPONSE {
    if { $expired equals 1 } {
        CACHE::expire
        log "cache expire"
    }
}

Related Information
Valid Events: CACHE_REQUEST, CACHE_RESPONSE
Required AX Release: 2.6.1 or higher

CACHE::headers
Returns the HTTP headers of a cached object. The <name>/<value> pairs are returned in a Tcl list.

Syntax
CACHE::headers

Example:
when CACHE_RESPONSE {
    # log all HTTP headers sent in cache response.
    log local0. [CACHE::headers]
}

Related Information
Valid Events: CACHE_REQUEST, CACHE_RESPONSE
Required AX Release: 2.6.1 or higher

CACHE::hits
Returns the number of cache hits for a cached object.

Syntax
CACHE::hits

Example:
when CACHE_REQUEST {
    log "[CACHE::hits] cache hits for document at [HTTP::uri]"
}

Related Information
Valid Events: CACHE_REQUEST, CACHE_RESPONSE
Required AX Release: 2.6.1 or higher

Diameter Load Balancing Commands
Diameter load balancing uses the following commands.

DIAMETER::app_id
Returns the application ID of a Diameter message.

Syntax
DIAMETER::app_id

Example:
when DIAMETER_REQUEST {
    log "DIAMETER::app_id = [DIAMETER::app_id]"
}

Related Information
Valid Events: DIAMETER_REQUEST, DIAMETER_ANSWER, DIAMETER_REQUEST_SEND, DIAMETER_ANSWER_SEND

DIAMETER::avp
Reads, writes, or deletes AVPs.

Syntax
DIAMETER::avp count
Returns the number of AVPs.

DIAMETER::avp get_ids [<avp_code> | <name>]
Returns a list of the IDs of AVPs with matching <avp_code> or <name>. If the <avp_code> or <name> is not specified, the IDs of all AVPs are returned.
Note: The order of IDs might not be the same as the order of the AVPs in the packet.

DIAMETER::avp <id> code [name | type]
Returns the numeric AVP code of the AVP with ID <id>. If the [name] is specified and the AVP is a standard AVP, a user-readable string is returned; otherwise, an empty string is returned. If [type] is specified, and the AVP is a standard AVP, its type is returned; otherwise, an empty string is returned.

DIAMETER::avp <id> index
Returns the index value within the packet of the AVP with ID <id>.

DIAMETER::avp <id> flags
Returns flags of the AVP with ID <id>, in the following format: {V|-}{M|-}{P|-}

DIAMETER::avp <id> length
Returns the length of the AVP with ID <id>.

DIAMETER::avp <id> vendor_id
Returns the vendor_id of the AVP with ID <id>, if the AVP has the "V" flag specified; otherwise, an empty string is returned.

DIAMETER::avp <id> value [<type>]
Returns the value of the AVP with ID <id>. For AVPs of type DiameterIdentity, DiamURI, Enumerated, Grouped, Time, or UTF8String, a byte array is returned. If the specified <type> is Unsigned32, Unsigned64, Integer32, Integer64, Address, or OctetString, the value is interpreted accordingly, if it does not conflict with the AVP (example: for an Integer32 AVP Unsigned64 cannot be returned).

DIAMETER::avp [index] insert [<avp_code> | <name>] <value> <flags> [<vendor_id>] [type <type>]
Inserts an AVP with the specified attributes. If [index] is specified, the AVP is inserted at that position in the packet. If [index] is not specified, the AVP is appended to the packet. The [index] value must be between 0 and number of AVPs in the packet. Further, a packet can contain a maximum of 64 AVPs at any stage. If the <avp_code> is non-standard, the value is inserted as OctetString. The <type> can only be one of the following: Unsigned32, Unsigned64, Integer32, Integer64, Address, or OctetString. This command also returns the ID of the inserted AVP.

DIAMETER::avp <id> replace [value <value> [type <type>]] [flags <flags> [<vendor_id>]]
Replaces the value or flags (and vendor_id if flags includes "V") or AVP at ID <id>.

DIAMETER::avp <id> delete
Deletes the AVP with ID <id>.
Note: Once an AVP is deleted, it can not be accessed thereafter.

Example:
when DIAMETER_REQUEST {
    log "Number of AVPs = [DIAMETER::avp count]"
    log "Ids of all AVPs = [DIAMETER::avp get_ids]"
    log "Ids of AVPs of code 257 = [DIAMETER::avp get_ids 257]"
    log "Ids of Session-Id AVPs = [DIAMETER::avp get_ids Session-Id]"
}

Example:
when DIAMETER_REQUEST {
    set ids [DIAMETER::avp get_ids]
    for { set i 0 } { $i < [llength $ids] } { incr i } {
        set id [lindex $ids $i]
        log "DIAMETER::avp $id code = [DIAMETER::avp $id code]"
        log "DIAMETER::avp $id code name = [DIAMETER::avp $id code name]"
        log "DIAMETER::avp $id code type = [DIAMETER::avp $id code type]"
        log "DIAMETER::avp $id index = [DIAMETER::avp $id index]"
        log "DIAMETER::avp $id flags = [DIAMETER::avp $id flags]"
        log "DIAMETER::avp $id length = [DIAMETER::avp $id length]"
        log "DIAMETER::avp $id vendor_id = [DIAMETER::avp $id vendor_id]"
        log "DIAMETER::avp $id value = [DIAMETER::avp $id value]"
    }
}

Example:
when DIAMETER_REQUEST {
    set ids [DIAMETER::avp get_ids]
    for { set i 0 } { $i < [llength $ids] } { incr i } {
        set id [lindex $ids $i]
        DIAMETER::avp $id delete
    }
}
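The fields that the DIAMETER::avp code, flags, length, vendor_id and value subcommands report correspond to the AVP header on the wire. The following is an added example, not code from this reference or from A10: a Python decoder that walks the AVP area of a message and renders flags in the {V|-}{M|-}{P|-} form. The AVP layout is taken from RFC 6733 rather than from this page, the function names are hypothetical, the "index" is simply the position in the packet (the aFleX <id> handle may differ), and the sample bytes are constructed.

```python
import struct

# AVP flag bits (RFC 6733, section 4.1).
FLAG_V, FLAG_M, FLAG_P = 0x80, 0x40, 0x20
# Per-packet AVP limit stated in the DIAMETER::avp reference text.
MAX_AVPS = 64


def flags_string(flags):
    """Render the flag octet in the {V|-}{M|-}{P|-} form."""
    pairs = (("V", FLAG_V), ("M", FLAG_M), ("P", FLAG_P))
    return "".join(name if flags & bit else "-" for name, bit in pairs)


def parse_avps(payload):
    """Decode the AVP area of a Diameter message (the bytes after the
    20-byte message header) into a list of dicts, in packet order."""
    avps = []
    offset = 0
    while offset < len(payload):
        if len(payload) - offset < 8:
            raise ValueError("truncated AVP header at offset %d" % offset)
        code, flags_and_len = struct.unpack_from("!II", payload, offset)
        flags = flags_and_len >> 24
        length = flags_and_len & 0xFFFFFF      # header + data, padding excluded
        header_len = 12 if flags & FLAG_V else 8
        padded = (length + 3) & ~3             # AVPs are 32-bit aligned
        if length < header_len or offset + padded > len(payload):
            raise ValueError("bad AVP length %d at offset %d" % (length, offset))
        vendor_id = None                       # only present when V is set
        if flags & FLAG_V:
            vendor_id = struct.unpack_from("!I", payload, offset + 8)[0]
        avps.append({
            "index": len(avps),
            "code": code,
            "flags": flags_string(flags),
            "length": length,
            "vendor_id": vendor_id,
            "value": payload[offset + header_len:offset + length],
        })
        if len(avps) > MAX_AVPS:
            raise ValueError("more than %d AVPs in one packet" % MAX_AVPS)
        offset += padded
    return avps


def ids_for_code(avps, code):
    """Positions of all AVPs with a given code (compare get_ids <avp_code>)."""
    return [a["index"] for a in avps if a["code"] == code]


def build_avp(code, flags, value, vendor_id=None):
    """Encode one AVP; used only to construct the sample below."""
    header_len = 12 if flags & FLAG_V else 8
    length = header_len + len(value)
    out = struct.pack("!II", code, (flags << 24) | length)
    if flags & FLAG_V:
        out += struct.pack("!I", vendor_id)
    return out + value + b"\x00" * (-length % 4)


# Constructed sample: Session-Id (263), Origin-Host (264), and an AVP with
# the attributes used in the page's insert example
# (code 12345, value 6789, flags VMP, vendor_id 567, type Unsigned32).
SAMPLE = (
    build_avp(263, FLAG_M, b"a.example;7")
    + build_avp(264, FLAG_M, b"lb.example")
    + build_avp(12345, FLAG_V | FLAG_M | FLAG_P, struct.pack("!I", 6789), 567)
)

if __name__ == "__main__":
    for avp in parse_avps(SAMPLE):
        print(avp)
```

The length reported for the first sample AVP is 19 although it occupies 20 bytes, because padding to the 32-bit boundary is not counted in the AVP length field.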

Example:
when DIAMETER_REQUEST_SEND {
    set newid [DIAMETER::avp insert 12345 6789 VMP 567 type Unsigned32]
    log "DIAMETER::avp $newid code = [DIAMETER::avp $newid code]"
    log "DIAMETER::avp $newid code name = [DIAMETER::avp $newid code name]"
    log "DIAMETER::avp $newid code type = [DIAMETER::avp $newid code type]"
    log "DIAMETER::avp $newid index = [DIAMETER::avp $newid index]"
    log "DIAMETER::avp $newid flags = [DIAMETER::avp $newid flags]"
    log "DIAMETER::avp $newid length = [DIAMETER::avp $newid length]"
    log "DIAMETER::avp $newid vendor_id = [DIAMETER::avp $newid vendor_id]"
    log "DIAMETER::avp $newid value Unsigned32 = [DIAMETER::avp $newid value Unsigned32]"
}

Example:
when DIAMETER_REQUEST_SEND {
    set newid [DIAMETER::avp 0 insert 12345 6789 VMP 567 type Unsigned32]
    DIAMETER::avp $newid replace value 12345 type Unsigned32 flags VMP 567
    log "DIAMETER::avp $newid index = [DIAMETER::avp $newid index]"
    log "DIAMETER::avp $newid flags = [DIAMETER::avp $newid flags]"
    log "DIAMETER::avp $newid length = [DIAMETER::avp $newid length]"
    log "DIAMETER::avp $newid vendor_id = [DIAMETER::avp $newid vendor_id]"
    log "DIAMETER::avp $newid value Unsigned32 = [DIAMETER::avp $newid value Unsigned32]"
}

Related Information
Valid Events: DIAMETER_REQUEST, DIAMETER_ANSWER, DIAMETER_REQUEST_SEND, DIAMETER_ANSWER_SEND

DIAMETER::cmd_code
Returns the command code, or its name, of a Diameter message.

Syntax
DIAMETER::cmd_code [name]

If you use the [name] option, the name is returned. If [name] is specified, an empty string or one of the following is returned as appropriate: ASR, ASA, ACR, ACA, CER, CEA, DWR, DWA, DPR, DPA, RAR, RAA, STR, or STA. If you omit the [name] option, the command code is returned instead.

Example:
when DIAMETER_REQUEST {
    log "DIAMETER::cmd_code = [DIAMETER::cmd_code]"
}

Example:
when DIAMETER_REQUEST {
    log "DIAMETER::cmd_code name = [DIAMETER::cmd_code name]"
}

Related Information
Valid Events: DIAMETER_REQUEST, DIAMETER_ANSWER, DIAMETER_REQUEST_SEND, DIAMETER_ANSWER_SEND

DIAMETER::length
Returns the length of a Diameter message.

Syntax
DIAMETER::length

Example:
when DIAMETER_REQUEST {
    log "DIAMETER::length = [DIAMETER::length]"
}

Related Information
Valid Events: DIAMETER_REQUEST, DIAMETER_ANSWER, DIAMETER_REQUEST_SEND, DIAMETER_ANSWER_SEND

DIAMETER::version
Returns the version of a Diameter message.

Syntax
DIAMETER::version

Example:
when DIAMETER_REQUEST {
    log "DIAMETER::version = [DIAMETER::version]"
}

Related Information
Valid Events: DIAMETER_REQUEST, DIAMETER_ANSWER, DIAMETER_REQUEST_SEND, DIAMETER_ANSWER_SEND

RADIUS Message Load-balancing Commands

RADIUS::avp
Returns RADIUS attribute-value pairs (AVPs). The virtual port that uses this aFleX command should be bound to UDP port 1812.

Syntax
RADIUS::avp [<attr>]
Returns a list of AVPs in the message as {attr, len, value} tuples.

The <attr> option specifies a RADIUS attribute, 1-255 (RFC 2865). If you use the <attr> option, only the AVP for the specified attribute is returned. If you omit this option, the AVPs for all the attributes are returned.

Example:
when CLIENT_DATA {
    set type [RADIUS::avp 40]
    switch $type {
        1 -
        2 {
            # Values 1 and 2 share this body ("-" falls through to the next body)
            if { [active_members radius_test_pool] > 0 } {
                pool radius_test_pool
            }
        }
        default {
            drop
        }
    }
}
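What RADIUS::code, RADIUS::id, RADIUS::length and the {attr, len, value} tuples of RADIUS::avp correspond to on the wire, and why attribute lengths should be validated before a routing decision is made on attribute 40, is shown in this added example. It is not code from this reference or from A10: it is a Python decoder using the RFC 2865 packet layout, with hypothetical function names, constructed sample packets, and the assumption that attribute 40 (Acct-Status-Type, RFC 2866) carries a 4-byte integer.

```python
import struct

ACCT_STATUS_TYPE = 40          # attribute tested by the page's example
ROUTED_STATUS_VALUES = {1, 2}  # values the page's switch sends to the pool


def parse_radius(packet):
    """Decode a RADIUS packet into code, id, length and a list of
    (attr, len, value) tuples; raise ValueError on malformed input."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack_from("!BBH", packet, 0)
    # RFC 2865: length is 20..4096; bytes beyond it are padding and ignored.
    if length < 20 or length > 4096 or length > len(packet):
        raise ValueError("bad RADIUS length field: %d" % length)
    avps = []
    offset = 20                # skip code, id, length and authenticator
    while offset < length:
        if length - offset < 2:
            raise ValueError("truncated attribute header at offset %d" % offset)
        attr, attr_len = struct.unpack_from("!BB", packet, offset)
        # attr_len counts the type and length octets, so 2 is the minimum.
        if attr_len < 2 or offset + attr_len > length:
            raise ValueError("bad length %d for attribute %d" % (attr_len, attr))
        avps.append((attr, attr_len, packet[offset + 2:offset + attr_len]))
        offset += attr_len
    return {"code": code, "id": ident, "length": length, "avps": avps}


def get_avp(message, attr):
    """Tuples for one attribute number (compare RADIUS::avp <attr>)."""
    return [t for t in message["avps"] if t[0] == attr]


def route(packet):
    """Return 'pool' or 'drop' using the page's decision on attribute 40.
    Malformed packets and unexpected encodings are dropped."""
    try:
        message = parse_radius(packet)
    except ValueError:
        return "drop"
    matches = get_avp(message, ACCT_STATUS_TYPE)
    if len(matches) != 1 or matches[0][1] != 6:   # one 4-byte integer expected
        return "drop"
    status = struct.unpack("!I", matches[0][2])[0]
    return "pool" if status in ROUTED_STATUS_VALUES else "drop"


def build_packet(code, ident, attrs):
    """Encode a packet with an all-zero authenticator; sample data only."""
    body = b"".join(struct.pack("!BB", a, len(v) + 2) + v for a, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + bytes(16) + body


# Constructed samples: Accounting-Request (code 4) with Acct-Status-Type
# 1 (Start) and 3 (Interim-Update), and a copy whose first attribute
# claims a length of 1, which is below the 2-octet minimum.
START = build_packet(4, 7, [(1, b"alice"), (40, struct.pack("!I", 1))])
INTERIM = build_packet(4, 8, [(1, b"alice"), (40, struct.pack("!I", 3))])
MALFORMED = bytearray(START)
MALFORMED[21] = 1
MALFORMED = bytes(MALFORMED)

if __name__ == "__main__":
    print(parse_radius(START))
    print(route(START), route(INTERIM), route(MALFORMED))
```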

Related Information
Valid Events: CLIENT_DATA, SERVER_DATA
Required AX Release: 2.6.1-GR1 or higher

RADIUS::code
Returns the RADIUS message code.

Syntax
RADIUS::code

Example:
when CLIENT_DATA {
    log "RADIUS code=[RADIUS::code]"
}

Related Information
Valid Events: CLIENT_DATA, SERVER_DATA
Required AX Release: 2.6.1-GR1 or higher

RADIUS::id
Returns the RADIUS message ID.

Syntax
RADIUS::id

Example:
when CLIENT_DATA {
    log "RADIUS id=[RADIUS::id]"
}

Related Information
Valid Events: CLIENT_DATA, SERVER_DATA
Required AX Release: 2.6.1-GR1 or higher

RADIUS::length
Returns the RADIUS message length.

Syntax
RADIUS::length

Example:
when CLIENT_DATA {
    log "RADIUS message length=[RADIUS::length]"
}

Related Information
Valid Events: CLIENT_DATA, SERVER_DATA
Required AX Release: 2.6.1-GR1 or higher

SSL Commands
This section describes the SSL commands.

Note: ACOS 2.7.1 SSL commands are supported only on HTTP virtual port 80 and are not supported on HTTPS virtual ports or other port numbers. The SSL commands introduced in releases previous to ACOS 2.7.1 are supported for both HTTP and HTTPS virtual ports.

Note: In AX Release 2.6.1-P2 and later, the SSL::cert command returns certificates in DER format. In previous releases, this command returns certificates in text format. To return a certificate in text format instead, see "X509::text" on page 261. To return a certificate in PEM format instead, see "X509::whole" on page 263.

SSL::cert
Returns the SSL certificate with the specified level in the certificate chain. The level is 0-based.

Note: The SSL::cert command returns certificates in DER format. In previous releases, this command returns certificates in text format.

Syntax
SSL::cert <level>

Example:
when CLIENTSSL_CLIENTCERT {
    set cert [SSL::cert 0]
    session add ssl [SSL::sessionid] $cert
}
when HTTP_REQUEST {
    if { [SSL::cert count] > 5 } {
        set issuer [SSL::cert issuer 2]
        log "issuer $issuer"
    } else {
        SSL::cert mode request
    }
}

Related Information
Valid Events CLIENTSSL_CLIENTCERT, CLIENTSSL_HANDSHAKE, HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, HTTP_RESPONSE, HTTP_RESPONSE_DATA, HTTP_RESPONSE_CONTINUE

SSL::cert count
Returns the number of certificates in the certificate chain.

Syntax
SSL::cert count

Example:
See the example for "SSL::cert" on page 246.

Related Information
Valid Events: See "SSL::cert" on page 246.

SSL::cert issuer
Returns the issuer of the certificate with the specified level.

Syntax
SSL::cert issuer <index>

Example:
See the example for "SSL::cert" on page 246.

Related Information
Valid Events: See "SSL::cert" on page 246.

SSL::cert mode
Sets the certificate mode. This setting overrides the mode setting in the template.

Syntax
SSL::cert mode <"request" | "require" | "ignore" | "auto">

Example:
See the example for "SSL::cert" on page 246.

Related Information
Valid Events: See "SSL::cert" on page 246.

SSL::cipher
Returns SSL cipher information.

Syntax
SSL::cipher name
Returns the current SSL cipher name using the format of the OpenSSL SSL_CIPHER_get_name() function (for example, "EDH-RSA-DES-CBC3-SHA" or "RC4-MD5").

SSL::cipher version
Returns the current SSL cipher version using the format of the OpenSSL SSL_CIPHER_get_version() function (for example, "SSLv2", "SSLv3", or "TLSv1").

SSL::cipher bits
Returns the number of secret bits that the current SSL cipher used, using the format of the OpenSSL SSL_CIPHER_get_bits() function (for example, 128 or 40).

Example:
The following script checks the encryption strength and redirects to a "sorry" page if the encryption is too weak.

when HTTP_REQUEST {
    log "[IP::remote_addr]: SSL cipher strength is [SSL::cipher bits]"
    # Check encryption strength
    if { [SSL::cipher bits] < 128 } {
        # Client is using a weak cipher, so redirect to a URL showing a sorry page
        HTTP::respond 302 Location "http://10.10.10.10/sorry.html" Cache-Control No-Cache Pragma No-Cache
    } else {
        pool web_servers
    }
}

Related Information
Valid Events: CLIENTSSL_CLIENTCERT, CLIENTSSL_HANDSHAKE, HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, HTTP_RESPONSE, HTTP_RESPONSE_DATA, HTTP_RESPONSE_CONTINUE
Required AX Release: 2.6.1

SSL::sessionid
Returns the current SSL session ID.

Syntax
SSL::sessionid

Note: Only the client side is supported.

Example:
when CLIENTSSL_HANDSHAKE {
    set cert [SSL::cert 0]
    session add ssl [SSL::sessionid] $cert 300
}

Related Information
Valid Events CLIENTSSL_CLIENTCERT, CLIENTSSL_HANDSHAKE, HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, HTTP_RESPONSE, HTTP_RESPONSE_DATA, HTTP_RESPONSE_CONTINUE

SSL::verify_result
If <result_code> is not specified, returns the result code of the peer certification verification. If <result_code> is specified, sets the result code of the peer certification verification.

Syntax
SSL::verify_result [<result_code>]

Example:
when CLIENTSSL_HANDSHAKE {
    set result [ X509::verify_cert_error_string [SSL::verify_result]]
    log "Result is $result"
}

Related Information
Valid Events CLIENTSSL_CLIENTCERT, CLIENTSSL_HANDSHAKE, HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, HTTP_RESPONSE, HTTP_RESPONSE_DATA, HTTP_RESPONSE_CONTINUE

SSL::disable
Disables SSL on either the client or server side.

Syntax
SSL::disable [clientside | serverside]

Example:
when CLIENT_ACCEPTED {
    SSL::disable
    SSL::disable serverside
}

Valid Events HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, CLIENT_ACCEPTED, CLIENTSSL_CLIENTCERT, CLIENTSSL_HANDSHAKE, SERVER_CONNECTED
Required Release: ACOS 2.7.1 or higher

SSL::enable
Enables SSL for either the client or server side.

Syntax
SSL::enable [clientside | serverside]

Example:
when CLIENT_ACCEPTED {
    SSL::enable
    SSL::enable serverside
}

Valid Events HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, CLIENT_ACCEPTED, CLIENTSSL_CLIENTCERT, CLIENTSSL_HANDSHAKE, SERVER_CONNECTED
Required Release: ACOS 2.7.1 or higher

SSL::mode
Returns a 1 when SSL is enabled or a 0 when SSL is disabled. This command can apply to either the client or server side.

Note: The certificate mode, set with the command SSL::cert mode, can override the mode set in the SSL template.

Syntax
SSL::mode

Example:
when CLIENT_ACCEPTED {
    SSL::template t1
}
when HTTP_REQUEST {
    log "SSL::mode = [SSL::mode]"
}

Valid Events HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, CLIENT_ACCEPTED, CLIENTSSL_CLIENTCERT, CLIENTSSL_HANDSHAKE, SERVER_CONNECTED, SERVERSSL_HANDSHAKE
Required Release: ACOS 2.7.1 or higher

SSL::sessionid
Returns the current SSL session ID number.

Syntax
SSL::sessionid

Example:
when CLIENTSSL_HANDSHAKE {
    set cert [SSL::cert 0]
    session add ssl [SSL::sessionid] $cert 300
}

Valid Events CLIENTSSL_CLIENTCERT, CLIENTSSL_HANDSHAKE, HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, HTTP_RESPONSE, HTTP_RESPONSE_DATA, HTTP_RESPONSE_CONTINUE
Required Release: ACOS 2.7.1 or higher

SSL::template
Applies an SSL template to either the client or server side of a connection.

Syntax
SSL::template <templatename>
Applies an SSL template on either the client or server side, depending on the context of the event.

SSL::template [clientside|serverside] <templatename>
Applies an SSL template for specifically the client or server side only.

Example:
when CLIENT_ACCEPTED {
    SSL::template t1
    SSL::template serverside t2
}

Valid Events HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, CLIENT_ACCEPTED, CLIENTSSL_CLIENTCERT, CLIENTSSL_HANDSHAKE, SERVER_CONNECTED, SERVERSSL_HANDSHAKE
Required Release: ACOS 2.7.1 or higher

SSL::session invalidate
Disables reuse of the SSL Session ID for the client. This command is valid only after the SSL handshake is complete for the client side of the connection.

Syntax
SSL::session invalidate

Example:
when CLIENT_ACCEPTED {
    SSL::template t1
}
when CLIENTSSL_HANDSHAKE {
    SSL::session invalidate
}

Valid Events HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, CLIENT_ACCEPTED, CLIENTSSL_CLIENTCERT, CLIENTSSL_HANDSHAKE, SERVER_CONNECTED, SERVERSSL_HANDSHAKE, LB_SELECTED
Required Release: ACOS 2.7.1 or higher

X509 Commands
This section describes the X.509 commands.

Note: In previous releases, these commands accepted certificates only in text format. The following X.509 commands now also accept certificates in Distinguished Encoding Rules (DER) format as input. If an invalid certificate is supplied, a runtime TCL error is generated.

X509::extensions
Returns the X.509 extensions set on the specified X.509 certificate.

Note: In previous releases, the X509::extensions command returns binary extension values as text and displays "." to represent unprintable characters. In AX Release 2.7.0, X509::extensions returns a binary Byte array to preserve all information. See the Sample Output example below.

Syntax
X509::extensions <X509-certificate>

Example:
when CLIENTSSL_CLIENTCERT {
    set cert [SSL::cert 0]
    log local0. "Client cert extensions - [X509::extensions $cert]"
}

Sample Output
AX3200(config-slb vserver-vport)#sh aflex ex1
Name: ex1
Syntax: Check
Virtual port: Bind vip-L7-25-130: 443
Statistics:
  Event CLIENTSSL_CLIENTCERT execute 1 times (0 failures, 0 aborts)
Content:
when CLIENTSSL_CLIENTCERT {
    set hash [X509::hash sha1 [SSL::cert 0]]
    binary scan $hash H* sha1str
    log "Cert-Thumbprint: $sha1str"
    set ext [X509::extensions $cert]
    regexp {.*X509v3 Extended Key Usage: \n\s*([^\n]*)\n.*} $ext -> eku
    log "Cert-EKU-List: $eku"
}
AX3200(config-slb vserver-vport)#sh log
Log Buffer: 30000
Sep 04 2012 01:35:41 Info [AFLEX]:ex1:Cert-EKU-List: TLS Web Server Authentication, TLS Web Client Authentication
Sep 04 2012 01:35:41 Info [AFLEX]:ex1:Cert-Thumbprint: 5fe2bf860badc8b588ee7f20d04309343f4ecb46

Sample Output (with Extended Key Usage)
Oct 22 2011 05:13:32 Info [AFLEX]:extensions=X509v3 extensions:
    X509v3 Basic Constraints:
        CA:FALSE
    Netscape Cert Type:
        SSL Client
    X509v3 Key Usage:
        Digital Signature, Key Encipherment
    X509v3 Extended Key Usage:
        TLS Web Client Authentication

Related Information
Valid Events: All

X509::hash
Returns the MD5 (default) or SHA1 hash (fingerprint) of the specified X.509 certificate.

Note: Beginning with AX Release 2.7.0, X509::hash no longer returns a text string but the actual hash value as a Byte array. To return a text string, use the binary scan command. See Example 2 below.

Syntax
X509::hash [md5|sha1] <X509 certificate>

Example 1
when HTTP_REQUEST {
    set client_cert [SSL::cert 0]
    log local0. "Cert hash - [X509::hash $client_cert]"
    set cert_hash [X509::hash $client_cert]
}

Example 2
This example prints a text string of the X509::hash command output.

when CLIENTSSL_CLIENTCERT {
    set hash [X509::hash sha1 [SSL::cert 0]]
    # Convert the binary hash to a hexadecimal text string
    binary scan $hash H* sha1str
    log "X-LB-Cert-Thumbprint: $sha1str"
}

Related Information
Valid Events: All
Required AX Release: 2.6.1-P2

X509::issuer
Returns the issuer of the X.509 certificate.

Syntax
X509::issuer

Example:
when CLIENTSSL_HANDSHAKE {
    set issuer [X509::issuer [SSL::cert 0]]
    log "Issuer: $issuer"
}

Related Information
Valid Events: CLIENTSSL_CLIENTCERT, CLIENTSSL_HANDSHAKE, HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, HTTP_RESPONSE, HTTP_RESPONSE_DATA, HTTP_RESPONSE_CONTINUE

X509::not_valid_after
Returns the not-valid-after date of an X.509 certificate.

Syntax
X509::not_valid_after

Example:
when CLIENTSSL_HANDSHAKE {
    set not_valid_after [X509::not_valid_after [SSL::cert 0]]
    log "Not Valid After: $not_valid_after"
}

Related Information
Valid Events: CLIENTSSL_CLIENTCERT, CLIENTSSL_HANDSHAKE, HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, HTTP_RESPONSE, HTTP_RESPONSE_DATA, HTTP_RESPONSE_CONTINUE

X509::not_valid_before
Returns the not-valid-before date of an X.509 certificate.

Syntax
X509::not_valid_before

Example:
when CLIENTSSL_HANDSHAKE {
    set not_valid_before [X509::not_valid_before [SSL::cert 0]]
    log "Not Valid Before: $not_valid_before"
}

Related Information
Valid Events: CLIENTSSL_CLIENTCERT, CLIENTSSL_HANDSHAKE, HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, HTTP_RESPONSE, HTTP_RESPONSE_DATA, HTTP_RESPONSE_CONTINUE

X509::serial_number
Returns the serial number of an X.509 certificate.

Syntax
X509::serial_number

Example:
when CLIENTSSL_HANDSHAKE {
    set serial_number [X509::serial_number [SSL::cert 0]]
    log "Serial Number: $serial_number"
}

Related Information
Valid Events: CLIENTSSL_CLIENTCERT, CLIENTSSL_HANDSHAKE, HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, HTTP_RESPONSE, HTTP_RESPONSE_DATA, HTTP_RESPONSE_CONTINUE

X509::signature_algorithm
Returns the signature algorithm of the specified X.509 certificate.

Syntax
X509::signature_algorithm <X509 certificate>

Example:
when LB_SELECTED {
    set cert [SSL::cert 0]
    log local0. "Cert signature_algorithm - [X509::signature_algorithm $cert]"
}

Related Information
Valid Events: All

X509::subject
Returns the subject of an X.509 certificate.

Syntax
X509::subject

Example:
when CLIENTSSL_HANDSHAKE {
    set subject [X509::subject [SSL::cert 0]]
    log "subject $subject"
}

Related Information
Valid Events CLIENTSSL_CLIENTCERT, CLIENTSSL_HANDSHAKE, HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, HTTP_RESPONSE, HTTP_RESPONSE_DATA, HTTP_RESPONSE_CONTINUE

X509::subject_public_key
Returns the subject's public key of the specified X.509 certificate.

Syntax
X509::subject_public_key <X509 certificate>

Example:
when CLIENTSSL_CLIENTCERT {
    set client_cert [SSL::cert 0]
    log local0. "Cert subject - [X509::subject $client_cert]"
    log local0. "Cert public key - [X509::subject_public_key $client_cert]"
}

Related Information
Valid Events: All
Required AX Release: 2.6.1-P2

X509::subject_public_key_RSA_bits
Returns the size of the subject's public RSA key of an X.509 certificate.

Note: This command is only applicable when the public key type is RSA. Otherwise, the command generates an error.

Syntax
X509::subject_public_key_RSA_bits <X509 certificate>

Example:
when CLIENTSSL_CLIENTCERT {
    set client_cert [SSL::cert 0]
    log local0. "Cert subject - [X509::subject $client_cert]"
    log local0. "Cert public key - [X509::subject_public_key_RSA_bits $client_cert]"
}

Related Information
Valid Events: All
Required AX Release: 2.6.1-P2

X509::subject_public_key_type
Returns the subject's public key type of the specified X.509 certificate. The returned value can be RSA, DSA, or unknown.

Syntax
X509::subject_public_key_type <X509 certificate>

Example:
when CLIENTSSL_CLIENTCERT {
    set client_cert [SSL::cert 0]
    log local0. "Cert subject - [X509::subject $client_cert]"
    log local0. "Cert public key type - [X509::subject_public_key_type $client_cert]"
    if { [X509::subject_public_key_type $client_cert] equals "unknown" } {
        SSL::verify_result 50
    }
    set error_code [SSL::verify_result]
    log local0. "Cert verify result - [X509::verify_cert_error_string $error_code]"
}

Related Information
Valid Events: All
Required AX Release: 2.6.1-P2

X509::text
Returns a certificate in human-readable (text) format.

Syntax
X509::text <X509 certificate>

Example:
when CLIENTSSL_CLIENTCERT {
    set client_cert [SSL::cert 0]
    set cert_text "[X509::text $client_cert]"
}

Related Information
Valid Events: All
Required AX Release: 2.6.1-P2

X509::verify_cert_error_string
Returns the error string as an OpenSSL X.509 error string.

Syntax
X509::verify_cert_error_string

Example:
when CLIENTSSL_HANDSHAKE {
    set result [X509::verify_cert_error_string [SSL::verify_result]]
    log "result $result"
}

Related Information
Valid Events CLIENTSSL_CLIENTCERT, CLIENTSSL_HANDSHAKE, HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, HTTP_RESPONSE, HTTP_RESPONSE_DATA, HTTP_RESPONSE_CONTINUE

X509::version
Returns the version number of an X.509 certificate.

Syntax
X509::version

Example:
when CLIENTSSL_HANDSHAKE {
    set version [X509::version [SSL::cert 0]]
    log "Version Number: $version"
}

Related Information
Valid Events: CLIENTSSL_CLIENTCERT, CLIENTSSL_HANDSHAKE, HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, HTTP_RESPONSE, HTTP_RESPONSE_DATA, HTTP_RESPONSE_CONTINUE

X509::whole
Returns the entire X.509 certificate in PEM format.

Syntax
X509::whole <X509 certificate>

Example:
when CLIENTSSL_CLIENTCERT {
    set client_cert [SSL::cert 0]
    log local0. "[X509::whole $client_cert]"
}

Example:
when HTTP_REQUEST {
    if { [SSL::cert count] > 0 } {
        HTTP::header insert "X-ENV-SSL_CLIENT_CERTIFICATE" [X509::whole [SSL::cert 0]]
    }
}

Related Information
Valid Events: All
Required AX Release: 2.6.1-P2

STATS Commands

STATS::clear
Clears statistics for a real server (node), virtual server, or service group (pool).

Syntax – Clear Real Server Statistics:
To clear statistics for a real server, use the following command:
STATS::clear server <server-name | ipaddr> [<port-num> <tcp | udp>] current-connection | total-connection | request-pkt | response-pkt [partition shared]

Syntax – Clear Virtual Server Statistics:
To clear statistics for a virtual server, use the following command:
STATS::clear virtual-server <vip-name| vipaddr> [<port-num> <service-type>] current-connection | total-connection | request-pkt | response-pkt [partition shared]

Syntax – Clear Service Group Statistics:
To clear statistics for a service group, use the following command:
STATS::clear pool <pool-name> [member <ipaddr> <port-num>] current-connection | total-connection | request-pkt | response-pkt [partition shared]

Example:
when HTTP_REQUEST {
    STATS::clear server rs-server-2 80 tcp total-connection
    STATS::clear virtual-server vip-1 80 http total-connection
    STATS::clear pool sg-tcp80 total-connection
}

Related Information
Valid Events: All

STATS::get
Retrieves statistics for a real server (node), virtual server, or service group (pool).

Syntax – Get Real Server Statistics:
To retrieve statistics from a real server, use the following command:
STATS::get server <server-name | ipaddr> [<port-num> <tcp | udp>] current-connection | total-connection | request-pkt | response-pkt [partition shared]

You can specify the server by its name or IP address (<server-name> or <ipaddr>). By default, statistics for all the server's real ports are returned. Optionally, you can specify an individual port by its port number (0-65535) and Layer 4 protocol (tcp or udp).

To specify the types of statistics to return, use one of the following options:
• current-connection
• total-connection
• request-pkt
• response-pkt

By default, the STATS::get command acts only upon the real servers located in the Role-Based Administration (RBA) partition that contains the aFleX policy. The shared partition option applies the command to real servers in the shared partition.

Syntax – Get Virtual Server Statistics:
To retrieve statistics from a virtual server, use the following command:
STATS::get virtual-server <vip-name| vipaddr> [<port-num> <service-type>] current-connection | total-connection | request-pkt | response-pkt [partition shared]

You can specify the virtual server by its name or VIP address (<vip-name> or <vipaddr>).

By default, statistics for all the virtual server’s ports are returned. Optionally, you can specify an individual port by its port number (0-65535) and service type (tcp, udp, http, https, and so on). The other options are the same as those for real servers.

Syntax – Get Service Group Statistics:
STATS::get pool <pool-name> [member <ipaddr> <port-num>] current-connection | total-connection | request-pkt | response-pkt [partition shared]

Specify the service group by its name (pool-name). By default, statistics for all the service group’s members are returned. Optionally, you can specify an individual member (server and port) by the real server IP address and protocol port number. The other options are the same as those for real servers and virtual servers.

Example: The following policy will select a real server based on the current connection counter:

when CLIENT_ACCEPTED {
    set total1 [STATS::get server 10.10.10.10 current-connection]
    set total2 [STATS::get server 10.10.10.20 current-connection]
    if { $total1 > $total2 } {
        node 10.10.10.20 80
    } else {
        node 10.10.10.10 80
    }
}

For another example, see Example 3 in “LB::reselect” on page 168.

Related Information
Valid Events: All

TCP Commands

TCP::client_port
Returns the TCP port/service number of the specified client. This command is equivalent to the command clientside { TCP::remote_port } and to client_port.

Syntax
TCP::client_port

Example:

when CLIENT_ACCEPTED {
    if { [TCP::client_port] > 1000 } {
        pool slow_pool
    } else {
        pool fast_pool
    }
}

Related Information
Valid Events: All

TCP::close
Closes the TCP connection.

Syntax
TCP::close

Example:

when CLIENT_ACCEPTED {
    TCP::collect
}
when CLIENT_DATA {
    if {[TCP::payload] contains "abc"} {
        pool abc_pool
        TCP::release
    } else {
        TCP::close
    }
}

TCP::collect
Causes TCP to start collecting the specified amount of content data.

Syntax
TCP::collect <length>
The <length> parameter specifies the minimum number of bytes to collect.

Example:

when CLIENT_ACCEPTED {
    TCP::collect 15
}
when CLIENT_DATA {
    if { [TCP::payload 15] contains "XYZ" } {
        pool xyz_servers
    } else {
        pool web_servers
    }
}

Related Information
Valid Events: CLIENT_ACCEPTED

Support for Generic TCP Proxy
The generic tcp-proxy service type, new in AX Release 2.6, is also supported in aFleX. Specifically, you can use the TCP::collect [<length>] command to collect payload data on a tcp-proxy virtual port. The script behavior differs slightly depending on whether the <length> option is used.

TCP::collect <length>

If the <length> option is specified:
• DATA event is triggered only when more than the specified number of data packets are collected.
• If the event does not contain the TCP::release command, the ACOS device will buffer the data instead of forwarding it.
• The collect flag will be disabled following the DATA event. Thus, TCP::collect is not allowed again in the DATA event.

Example:

when CLIENT_ACCEPTED {
    TCP::collect 1000
}
when CLIENT_DATA {
    set tcplen [TCP::payload length]
    log "length = ($tcplen)"
    if { [TCP::payload 15] contains "XYZ" } {
        pool xyz_servers
    } else {
        pool web_servers
    }
    TCP::release
}

TCP::collect
If the <length> option is not specified:
• DATA event is triggered when first data packet is received.
• Script is implicitly forced to release data and forward data packet after the DATA event; a TCP release will be performed even if the script does not contain the TCP::release command.
• If the DATA event does not have a TCP::collect command, the collect flag will be disabled and no incoming packets will be collected.
• To keep collecting the next packet, the script must contain another TCP::collect command after the TCP::release command.

Example:

when CLIENT_ACCEPTED {
    TCP::collect
}
when CLIENT_DATA {
    set tcplen [TCP::payload length]
    log "length = ($tcplen)"
    if { [TCP::payload 15] contains "XYZ" } {
        pool xyz_servers
    } else {
        pool web_servers
    }
    TCP::release
    TCP::collect
}

Server Selection Behavior if TCP::collect [<length>] Command Is Not Used with Generic TCP-Proxy Traffic
For generic TCP-proxy traffic, if the TCP::collect [<length>] command is not used, the ACOS device performs server selection after the client session is established, and sends a SYN to the server:
1. Client sends SYN.
2. AX sends SYN-ACK.
3. Client sends ACK.
4. After receiving the ACK from the client, AX device selects a real server and sends a SYN to the server.
5. The session flow continues with the selected server.

If the TCP::collect command is used in the CLIENT_ACCEPTED event, the ACOS device cannot initiate connection with a back-end server following the client ACK.

In this case, the ACOS device waits until the aFleX collect operation is finished and the CLIENT_DATA event is triggered. Only after the collect is finished, the ACOS device selects a real server and forwards the data.
1. Client sends SYN.
2. ACOS sends SYN-ACK.
3. Client sends ACK.
4. Client data push.
• If collect operation is finished, trigger CLIENT_DATA event and select server to establish connection.
• If collect operation is not finished (collect length is specified), keep buffering client data and forward it to the server only when the collect operation is finished.

Additional Generic TCP-Proxy Examples
The following event types are supported for this use of the command:
• CLIENT_ACCEPTED
• CLIENT_DATA
• SERVER_CONNECTED
• SERVER_DATA

Here are some examples.

Example: Only collect first data packet and trigger DATA event.

when CLIENT_ACCEPTED {
    TCP::collect
}
when CLIENT_DATA {
    set tcplen [TCP::payload length]
    log "length = ($tcplen)"
    if { [TCP::payload ] contains "XYZ" } {
        pool xyz_servers
    } else {
        pool web_servers
    }
    TCP::release
}

Example: Collect and trigger DATA event for every TCP data packet.

To perform this operation, the script uses the following:
• TCP::collect command in CLIENT_ACCEPTED event
• TCP::release command at the end of the CLIENT_DATA event
• TCP::collect command in the CLIENT_DATA event, to enable the collect flag for the next data packet

when CLIENT_ACCEPTED {
    TCP::collect
}
when CLIENT_DATA {
    set tcplen [TCP::payload length]
    log "length = ($tcplen)"
    if { [TCP::payload ] contains "XYZ" } {
        pool xyz_servers
    } else {
        pool web_servers
    }
    TCP::release
    TCP::collect
}

Example: Collect first 2000 bytes of data and trigger DATA event.

To perform this operation, the script uses the following:
• TCP::collect command with <length> option in CLIENT_ACCEPTED event
• TCP::release command at the end of CLIENT_DATA event

when CLIENT_ACCEPTED {
    TCP::collect 2000
}
when CLIENT_DATA {
    set tcplen [TCP::payload length]
    log "length = ($tcplen)"
    if { [TCP::payload ] contains "XYZ" } {
        pool xyz_servers
    } else {
        pool web_servers
    }
    TCP::release
}

Note: If the total TCP payload is less than the collect <length>, the ACOS device will keep waiting for more data from the client, and cannot forward to the server as expected. Make sure to specify the correct length value in the script.

Note: If the collect <length> is specified, aFleX does not allow TCP::collect to be used again in the DATA event.

Example: Collect the first 3 data packets then forward to the server.

To perform this operation, the script uses the following:
• TCP::collect command in CLIENT_ACCEPTED event
• In the CLIENT_DATA event, TCP::release is executed only if the number of collected packets is greater than 3.

when CLIENT_ACCEPTED {
    TCP::collect
    set packet_count 0
}
when CLIENT_DATA {
    set packet_count [expr $packet_count + 1]
    if { $packet_count >= 3 } {
        set tcplen [TCP::payload length]
        log "length = ($tcplen)"
        if { [TCP::payload ] contains "XYZ" } {
            pool xyz_servers
        } else {
            pool web_servers
        }
        TCP::release
    }
}

TCP::local_port
Returns the local TCP port/service number. This command is equivalent to the variable local_port.

Syntax
TCP::local_port

Example:

when CLIENT_ACCEPTED {
    if {[IP::protocol] == 47 || [TCP::local_port] == 1723} {
        # GRE used by MS PPTP server, TCP control channel
        pool ms_pptp
    } elseif {[IP::protocol] == 50 || [IP::protocol] == 51 || [UDP::local_port] == 500} {
        # AH and ESP used by IPSec, IKE used by IPSec
        pool ipsec_pool
    } elseif {[IP::protocol] == 115} {
        # L2TP Protocol server
        pool l2tp_pool
    }
}

TCP::mss
Returns the on-wire Maximum Segment Size (MSS) for a TCP connection.

Syntax
TCP::mss

Example:

when CLIENT_ACCEPTED {
    log "MSS is [TCP::mss]"
}

TCP::rtt
Returns the smoothed round-trip time (RTT) estimate for a TCP connection.

Syntax
TCP::rtt

Notes:
• Divide the returned value by 2 to get the actual round-trip time in milliseconds.
• The RTT takes some time to converge.

Example:

when HTTP_RESPONSE {
    clientside { set rtt [TCP::rtt] }
    if {$rtt < 1600 } {
        log "Don't compress rtt=$rtt"
        COMPRESS::disable
    } else {
        log "compress rtt=$rtt"
        COMPRESS::enable
        COMPRESS::gzip level 9
    }
}

Related Information
Valid Events: All
Required AX Release: 2.7.0 or higher

TCP::offset
Returns the position in the TCP data stream in which the collected TCP data starts.

Syntax
TCP::offset

Example:

when CLIENT_ACCEPTED {
    TCP::collect
}
when CLIENT_DATA {
    if {[TCP::offset] > 1000} {
        TCP::release
    }
}

TCP::payload
Returns the accumulated TCP data content, or replaces collected payload with the specified data.

Syntax
TCP::payload [<size>]
TCP::payload <offset> <size>
TCP::payload length

TCP::payload [<size>]
Returns the accumulated TCP data content.

TCP::payload <offset> <size>
Returns the accumulated TCP data content starting from <offset>.

TCP::payload length
Returns the amount of accumulated TCP data content in bytes.

TCP::payload <offset> <size> <data>
Replaces collected payload with the given data.

Note: This command is supported for the TCP-proxy vport only.

Example:

when CLIENT_ACCEPTED {
    TCP::collect
}
when CLIENT_DATA {
    if { [TCP::payload] contains "flower" } {
        pool http-sg2
    } else {
        pool http-sg3
    }
}

Related Information
Valid Events: CLIENT_DATA, SERVER_DATA

TCP::release
Causes TCP to resume processing the connection and flush collected data.

Syntax
TCP::release

Example:

when CLIENT_ACCEPTED {
    TCP::collect 1500
}
when CLIENT_DATA {
    if {[TCP::offset] > 1000} {
        TCP::release
    }
}

TCP::remote_port
Returns the remote TCP port/service number. When used with the clientside command (that is, clientside TCP::remote_port), the TCP::remote_port command is equivalent to the TCP::client_port command. When used with the serverside command (that is, serverside TCP::remote_port), the TCP::remote_port command is equivalent to the TCP::server_port command.

Note: This command replaces the remote_port command.

Syntax
TCP::remote_port

Example:

when SERVER_CONNECTED {
    log "server TCP port = [TCP::remote_port]"
}

TCP::server_port
Returns the TCP port/service number of the specified server. This command is equivalent to the command serverside { TCP::remote_port } and to the deprecated variable server_port.

Syntax
TCP::server_port

Example:

when SERVER_CONNECTED {
    if { [TCP::server_port] > 1000 } {
        pool slow_pool
    } else {
        pool fast_pool
    }
}

TCP::respond
Sends the specified data directly to the peer. This command can be used to complete a protocol handshake.

Syntax
TCP::respond <data>
The <data> parameter specifies the data to send to the peer.

Example:

when HTTP_REQUEST {
    if {([HTTP::method] eq "POST") && [HTTP::header exists "Expect"] } {
        HTTP::header remove "Expect"
        TCP::respond "HTTP/1.1 100 Continue\r\n\r\n"
    }
}

Example: The aFleX example below looks for an “EHLO <hostname>” command and responds with a specific error message. This script intercepts the TCP stream between a webserver that is behind the ACOS device and an SMTP server that is external to the ACOS device.

when SERVER_CONNECTED {
    clientside { TCP::collect 4 }
}
when CLIENT_DATA {
    if { [TCP::payload] starts_with "EHLO" } {
        TCP::respond "500 5.3.3 Unrecognized command\r\n"
        TCP::payload replace 0 [TCP::payload length] ""
    }
    TCP::release
}

Related Information
Valid Events: CLIENT_ACCEPTED, CLIENT_CLOSED, CLIENT_DATA, SERVER_CLOSED, SERVER_CONNECTED, SERVER_DATA
Required AX Release: 2.7.0 or higher

TIME Commands

TIME::clock
Returns the system time, in seconds or milliseconds. This command is used in a SMP environment for high-performance processing.

Note: The lowest resolution of the timer is 4 milliseconds.

Syntax
TIME::clock [seconds | milliseconds]

Example:

when CLIENT_ACCEPTED {
    set curtime [TIME::clock seconds]
    set formattedtime [clock format $curtime -format {%H:%S} ]
    log "the time is: $formattedtime"
}

Related Information
Valid Events: All

UDP Commands

UDP::client_port
Returns the UDP port/service number of the client system. This command is equivalent to the command clientside { UDP::remote_port }.

Syntax
UDP::client_port

Example:

when CLIENT_ACCEPTED {
    if { [UDP::client_port] equals 80 } {
        pool pool-80
    }
}

Related Information
Valid Events: CLIENT_ACCEPTED, CLIENT_CLOSED, CLIENT_DATA, SERVER_CLOSED, SERVER_CONNECTED, SERVER_DATA

UDP::local_port
Returns the local UDP port/service number.

Syntax
UDP::local_port

Example:

when CLIENT_ACCEPTED {
    if {[IP::protocol] == 47 || [TCP::local_port] == 1723} {
        # GRE used by MS PPTP server, TCP control channel
        pool ms_pptp
    } elseif {[IP::protocol] == 50 || [IP::protocol] == 51 || [UDP::local_port] == 500} {
        # AH and ESP used by IPSec, IKE used by IPSec
        pool ipsec_pool
    } elseif {[IP::protocol] == 115} {
        # L2TP Protocol server
        pool l2tp_pool
    }
}

Related Information
Valid Events: CLIENT_ACCEPTED, CLIENT_CLOSED, CLIENT_DATA, SERVER_CLOSED, SERVER_CONNECTED, SERVER_DATA

UDP::payload
Returns the content or length of the current UDP payload.

Syntax
UDP::payload [<size>]
Returns the content of the current UDP payload.
Note: The <size> variable is supported only in AX Release 2.4.1 and later.

UDP::payload <offset> <size>
Returns the content of the current UDP payload from <offset>.

UDP::payload length
Returns the length, in bytes, of the current UDP payload.

UDP::payload replace <offset> <size> <new_data>
Starting at <offset>, replaces the <size> of the collected payload with the specified <new_data>.
Note: The <new_data> variable is supported only in ACOS 2.7.2 and later.

Example:

when CLIENT_ACCEPTED {
    TCP::collect
}
when CLIENT_DATA {
    if { [UDP::payload 12 20] contains "a10networks" } {
        pool dns-sg1
    } else {
        pool dns-sg2
    }
}

Example: In the following example, the payload is emptied and filled with data from the “packetdata” string sent to the server

when CLIENT_DATA {
    UDP::payload replace 0 [UDP::payload length] ""
    # craft a string to hold data, 0x01 0x00 0x00 0x00 0x02 0x00 0x00 0x00 0x03 0x00 0x00 0x00
    set packetdata [binary format i1i1i1 1 2 3 ]
    UDP::payload replace 0 0 $packetdata
}

Related Information
Valid Events: CLIENT_ACCEPTED, CLIENT_CLOSED, CLIENT_DATA, SERVER_CLOSED, SERVER_CONNECTED, SERVER_DATA

UDP::remote_port
Returns the remote UDP port/service number.

Syntax
UDP::remote_port

Example:

when CLIENT_ACCEPTED {
    if { [UDP::remote_port] equals 80 } {
        pool pool-80
    }
}

Related Information
Valid Events: CLIENT_ACCEPTED, CLIENT_CLOSED, CLIENT_DATA, SERVER_CLOSED, SERVER_CONNECTED, SERVER_DATA

UDP::server_port
Returns the UDP port/service number of the server. This command is equivalent to the command serverside { UDP::remote_port }.

Syntax
UDP::server_port

Example:

when SERVER_CONNECTED {
    if { [UDP::server_port] equals 80 } {
        log "Port 80 was selected"
    }
}

Related Information
Valid Events: CLIENT_ACCEPTED, CLIENT_CLOSED, CLIENT_DATA, SERVER_CLOSED, SERVER_CONNECTED, SERVER_DATA

UDP::respond
Sends the specified data directly to the peer. This command can be used to complete a protocol handshake.

Syntax
UDP::respond <data>
The <data> parameter specifies the data to send to the peer.

Example:

when CLIENT_DATA {
    if { [UDP::payload] contains "abc" } {
        UDP::respond "xyz"
    }
}

Example:

when CLIENT_DATA {
    set payload "Error: Client not allowed."
    if { [IP::remote_addr] eq "10.10.10.1" } {
        UDP::drop
        UDP::respond $payload
    }
}

Example:

when CLIENT_ACCEPTED {
    set packet [binary format S {0x0000}]
    UDP::respond $packet
}

Related Information
Valid Events: CLIENT_ACCEPTED, CLIENT_CLOSED, CLIENT_DATA, SERVER_CLOSED, SERVER_CONNECTED, SERVER_DATA
Required AX Release: 2.7.0 or higher

URI Commands

URI::decode
Returns a decoded version of a given URI.

Syntax
URI::decode <uri>

The following script decodes URI string “whoa%20%30%31%32” and writes the decoded string to the log:

Example:

when HTTP_REQUEST {
    set d "whoa%20%30%31%32"
    set e [URI::decode $d]
    log "Decoded string=$e"
}

In this example, the following message appears in the system log:

Apr 18 2011 08:22:05 Info [AFLEX]:Decoded string=whoa 012

Example: The following script decodes the URIs in every HTTP request and writes both the encoded and decoded strings to the log:

when HTTP_REQUEST {
    log "The decoded version of \"[HTTP::query]\" is \"[URI::decode [HTTP::query]]\""
}

In this example, the following message appears in the system log when the ACOS device receives an HTTP request for URI “whoa%20%30%31%32”:

Apr 18 2011 08:22:05 Info [AFLEX]:The decoded version of "whoa%20%30%31%32" is "whoa 012"

Related Information
Valid Events: HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_RESPONSE, HTTP_RESPONSE_DATA

URI::encode
Returns an encoded version of a given URI.

Syntax
URI::encode <uri>

The following script encodes URI string “this is a test (&*@#\[\])” and writes the encoded string to the log:

Example:

when HTTP_REQUEST {
    set a "this is a test (&*@#\[\])"
    set b [URI::encode $a]
    log "Encoded string=$b"
}

In this example, the following message appears in the system log:

Apr 18 2011 08:22:05 Info [AFLEX]:Encoded string= this+is+a+test+%28%26%2a%40%23%5b%5d%29

Related Information
Valid Events: HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_RESPONSE, HTTP_RESPONSE_DATA

URI::basename
The basename portion of the given URI. For example, given the URI below:

/path/to/file.ext?=param=value

The command URI::basename returns the following:

file.ext

Syntax
URI::basename <uri>

Example:

when HTTP_REQUEST {
    set uri [HTTP::uri]
    log "$uri basename=[URI::basename $uri]"
}

Related Information
Valid Events: HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_RESPONSE, HTTP_RESPONSE_DATA

URI::path
The path portion of the given URI. For example, given the URI below:

/path/to/file.ext?=param=value

The command URI::path returns the following:

/path/to/

Syntax
URI::path <uri>
URI::path <uri> depth
The depth option returns the path depth.

Example:

when HTTP_REQUEST {
    set uri [HTTP::uri]
    log "$uri path=[URI::path $uri] depth=[URI::path $uri depth]"
}

Related Information
Valid Events: HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_RESPONSE, HTTP_RESPONSE_DATA

URI::query
The query string portion of the given URI. For example, given the URI below:

/path/to/file.ext?=param=value

The command URI::query returns the following:

param=value

Syntax
URI::query <uri>
URI::query <uri> <param>
The <param> option returns the query parameter value corresponding to the requested parameter name.

Example:

when HTTP_REQUEST {
    set query [URI::query [HTTP::uri]]
    log local0. "Query portion of uri [HTTP::uri] is $query"
}

Related Information
Valid Events: HTTP_REQUEST, HTTP_REQUEST_DATA
Required AX Release: 2.7.0 or higher

Financial Information eXchange Commands

FIX::begin_string
Returns the value of the BeginString tag. The BeginString tag identifies the beginning of a new FIX message and the FIX protocol version. It is always the first field in the message and is always unencrypted.

Syntax
FIX::begin_string

Example:

when FIX_REQUEST {
    log local0. "BeginString=[FIX::begin_string]"
}

Related Information
Valid Events: FIX_REQUEST, FIX_RESPONSE, pool, node
Required AX Release: 2.7.0 or higher

Note: pool and node commands are only available when the vport is of type tcp-proxy.

FIX::body_length
Returns the value of the BodyLength tag. The FIX BodyLength tag gives the message length, in bytes, forward to the CheckSum field. It is always the second field in the FIX message and is always unencrypted.

Syntax
FIX::body_length

Example:

when FIX_REQUEST {
    log local0. "BodyLength=[FIX::body_length] bytes"
}

"Message Type=[FIX::msg_type]" } Customer Driven Innovation Doc.: D-030-01-00-0007 .Financial Information eXchange Commands Related Information Valid Events: FIX_REQUEST.0 or higher FIX::msg_seq_num Returns the integer message sequence number.1 7/2/2013 289 of 304 .7. It is always the third field in the message and is always unencrypted. The MsgType tag defines the message type.7. It is always a positive value. and so on) indicates that the message format is privately defined between the sender and receiver. Syntax FIX::msg_seq_num Example: when FIX_REQUEST { log local0.7. U2.0. Note: A “U” as the first character in the MsgType field (examples: U. "Message Sequence Number=[FIX::msg_seq_num]" } Related Information Valid Events: FIX_REQUEST. ACOS 2.A10 Thunder Series and AX Series – aFleX Reference Commands . which is a string that is one or two characters in length. FIX_RESPONSE Required AX Release: 2. FIX_RESPONSE Required AX Release: 2.0 or higher FIX::msg_type Returns the value of the MsgType tag. No.aFleX 2. Syntax FIX::msg_type Example: when FIX_REQUEST { log local0.

Related Information
Valid Events: FIX_REQUEST, FIX_RESPONSE
Required AX Release: 2.7.0 or higher

FIX::sender_compid
Returns the value of the SenderCompID tag. The SenderCompID is an assigned string value used to identify the firm sending the FIX message.

Syntax
FIX::sender_compid

Example:

when FIX_REQUEST {
    log local0. "SenderCompID=[FIX::sender_compid]"
}

Related Information
Valid Events: FIX_REQUEST, FIX_RESPONSE
Required AX Release: 2.7.0 or higher

FIX::sending_time
Returns the value of the time of message transmission, always expressed in UTC time. The time is returned as a string in either of the following formats:
• Whole seconds – YYYYMMDD-HH:MM:SS
• Milliseconds – YYYYMMDD-HH:MM:SS.sss
The colons, dash, and period are required.

Note: This timestamp is part of the transport level as a field in the StandardHeader and does not represent the time of a related business transaction. A timestamp for the business transaction is conveyed with the tag 60 TransactTime.

Syntax
FIX::sending_time

Example:

when FIX_REQUEST {
    log local0. "SendingTime=[FIX::sending_time]"
}

Related Information
Valid Events: FIX_REQUEST, FIX_RESPONSE
Required AX Release: 2.7.0 or higher

FIX::target_compid
Returns the value of the TargetCompID tag. The TargetCompID is an assigned string value used to identify the firm receiving the FIX message.

Syntax
FIX::target_compid

Example:

when FIX_REQUEST {
    log local0. "TargetCompID=[FIX::target_compid]"
}

Related Information
Valid Events: FIX_REQUEST, FIX_RESPONSE
Required AX Release: 2.7.0 or higher
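The header rules given above for BeginString (first field), BodyLength (second field, counted forward to the CheckSum field) and MsgType (third field, one or two characters) can be checked before a message is trusted for routing decisions. The Python below is an added example, not A10 or aFleX code: the names `validate_fix_framing`, `is_well_framed` and `build_fix` are hypothetical, the sample order is constructed, and the BodyLength and CheckSum arithmetic follows the standard FIX tag=value encoding rather than anything stated on this page.

```python
SOH = b"\x01"  # FIX field delimiter


class FixFramingError(ValueError):
    """The message violates the header/trailer framing rules."""


def build_fix(begin_string, body_fields):
    """Build a well-formed message from (tag, value) pairs (sample input only)."""
    body = b"".join(f"{t}={v}".encode("ascii") + SOH for t, v in body_fields)
    head = f"8={begin_string}".encode("ascii") + SOH
    head += f"9={len(body)}".encode("ascii") + SOH
    checksum = sum(head + body) % 256
    return head + body + f"10={checksum:03d}".encode("ascii") + SOH


def validate_fix_framing(raw):
    """Return the header fields of one FIX message or raise FixFramingError."""
    if not raw.endswith(SOH):
        raise FixFramingError("message is not SOH-terminated")
    chunks = raw[:-1].split(SOH)
    tags = []
    for chunk in chunks:
        tag, sep, _value = chunk.partition(b"=")
        if not sep or not tag.isdigit():
            raise FixFramingError(f"malformed field {chunk!r}")
        tags.append(tag)
    # Field order stated on the page: BeginString, BodyLength, MsgType.
    if tags[:3] != [b"8", b"9", b"35"]:
        raise FixFramingError("fields 1-3 must be tags 8, 9, 35")
    # A CheckSum tag before the end means two messages were glued together.
    if tags[-1] != b"10" or b"10" in tags[:-1]:
        raise FixFramingError("CheckSum (10) must be the single, final field")

    declared = chunks[1][2:]
    if not declared.isdigit():
        raise FixFramingError("BodyLength is not numeric")
    # BodyLength counts from the byte after the BodyLength field's SOH up to
    # and including the SOH that precedes the CheckSum field.
    body_start = len(chunks[0]) + len(chunks[1]) + 2
    trailer_start = len(raw) - len(chunks[-1]) - 1
    actual = trailer_start - body_start
    if int(declared) != actual:
        raise FixFramingError(f"BodyLength says {int(declared)}, body is {actual}")

    # CheckSum is the byte sum of everything before "10=", modulo 256.
    checksum = chunks[-1][3:]
    expected = sum(raw[:trailer_start]) % 256
    if len(checksum) != 3 or not checksum.isdigit() or int(checksum) != expected:
        raise FixFramingError(f"CheckSum {checksum!r} != computed {expected:03d}")

    msg_type = chunks[2][3:].decode("ascii", "replace")
    if not 1 <= len(msg_type) <= 2:
        raise FixFramingError("MsgType must be one or two characters")
    return {
        "begin_string": chunks[0][2:].decode("ascii", "replace"),
        "body_length": actual,
        "msg_type": msg_type,
        # Per the page's note, a leading "U" marks a privately defined format.
        "private_msg_type": msg_type.startswith("U"),
    }


def is_well_framed(raw):
    """Boolean wrapper for use in filters and log pipelines."""
    try:
        validate_fix_framing(raw)
        return True
    except FixFramingError:
        return False


# Constructed sample: a new-order message with made-up CompIDs.
SAMPLE_ORDER = build_fix("FIX.4.2", [
    (35, "D"), (49, "BUYER"), (56, "SELLER"),
    (34, "12"), (52, "20130702-08:22:05"),
])

if __name__ == "__main__":
    print(validate_fix_framing(SAMPLE_ORDER))
    print("padded value accepted:",
          is_well_framed(SAMPLE_ORDER.replace(b"BUYER", b"BUYERS")))
    print("two glued messages accepted:",
          is_well_framed(SAMPLE_ORDER + SAMPLE_ORDER))
```
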

Database Load Balancing (DBLB) Commands

DB::Query
Gets a string that holds the entire SQL query which was sent by the client.

Example:

when DB_QUERY {
    set ret [ DB::query ]
    log "aflex script got query $ret"
    pool mssqlgroup
}

Valid Events
DB_QUERY
Required Release: ACOS 2.7.1 or higher

DB::Command
Gets a numeric value that represents the command number. For example, the MySQL “QUIT” command has a value of 1.

Example:

when DB_COMMAND {
    set ret [ DB::command ]
    log "aflex script got command number $ret"
    pool mssqlgroup
}

Valid Events
DB_COMMAND
Required Release: ACOS 2.7.1 or higher

Template Commands

The TEMPLATE:: commands enable you to access individual configuration parameters per template. The following commands allow you to check the existence of a certain template type on a virtual server. In addition, you can use these commands to access the individual configuration parameters of a template.

TEMPLATE::exists
Determines if a template is bound to a virtual server. This command returns a 1 integer value if a template is configured on the current virtual server or a 0 if the template is not configured on the current virtual server.

Syntax
TEMPLATE::exists [cache | client_ssl | conn_reuse | http | server_ssl | tcp | udp]
Checks if the following type of template exists:
• cache – RAM Caching template
• client_ssl – Client SSL template
• conn_reuse – Connection Reuse template
• http – HTTP template
• server_ssl – Server SSL template
• tcp – TCP template
• udp – UDP template

TEMPLATE::exists persist [cookie | src_ip | dst_ip | ssl_sid]
Checks if the following type of persistence template exists:
• cookie – Cookie Persistence
• src_ip – Source IP Persistence
• dst_ip – Destination IP Persistence
• ssl_sid – SSL Session ID Persistence

The following policy checks if a Client SSL template is applied to the
virtual server. If so, the command returns a “1” value, which triggers
ACOS to create a log message that a client SSL template is enabled.

Example:

when CLIENT_ACCEPTED {
    if { [TEMPLATE::exists client_ssl] == 1} {
        log "client SSL template enabled on virtual server"
    }
}

Example:
when SERVER_CONNECTED {
    if { [TEMPLATE::exists server_ssl] == 1} {
        log "server SSL profile enabled on virtual server"
    }
}

Valid Events
All
Required Release: ACOS 2.7.1 or higher

TEMPLATE::cache
Gets the current value of the parameter for a RAM cache template.
Syntax
TEMPLATE::cache <setting>
Returns the value for the specified <setting> in the assigned RAM
cache template. For <setting>, enter one of the following:
• name
• accept_reload_req
• age
• default_policy_nocache
• disable_insert_age
• disable_insert_via
• max_cache_size
• max_content_size
• min_content_size
• policy
• remove_cookies
• replacement_policy
• verify_host

Valid Events
All
Required Release: ACOS 2.7.1 or higher

TEMPLATE::client_ssl
Gets the current value of the parameter for the client SSL template.
Syntax
TEMPLATE::client_ssl <setting>
Returns the value for the specified <setting> in the assigned client SSL
template. For <setting>, enter one of the following:
• name
• ca_cert
• cert
• chain_cert
• cipher
• client_certificate
• close_notify
• crl
• key
• session_cache_size
• ssl_false_start_disable

The following example checks if a client-side SSL template exists on
the virtual port and logs the template name if the SSL template is
found.

Example:

when CLIENT_ACCEPTED {
    if { [TEMPLATE::exists client_ssl] == 1 } {
        log "*** Template client_ssl is configured on vport ***"
        log "*** Name: [TEMPLATE::client_ssl name]"
    } else {
        log "template client_ssl is not configured on vport"
    }
}

Valid Events
All
Required Release: ACOS 2.7.1 or higher

TEMPLATE::conn_reuse
Gets the current value of the parameter for the connection reuse template.
Syntax
TEMPLATE::conn_reuse <setting>
Returns the value for the specified <setting> in the assigned connection
reuse template. For <setting>, enter one of the following:
• name
• keep_alive_conn
• limit_per_server
• timeout

Valid Events
All
Required Release: ACOS 2.7.1 or higher

TEMPLATE::http
Gets the current value of the parameter for the HTTP template.
Syntax
TEMPLATE::http <setting>
Returns the value for the specified <setting> in the assigned HTTP
template. For <setting>, enter one of the following:
• name
• compress_level
• compress_content_type_excludes
• compress_uri_excludes
• compress_enable
• compress_min_size
• compress_content_type
• failover_url
• host_switching
• insert_client_ip
• log_retry
• redirect_rewrite
• request_header_erase
• reuqest_header_insert
• response_header_erase
• response_header_insert
• retry_on_5xx
• retry_on_5xx_per_req
• strict_transaction_switch
• term_11client_hdr_client_close
• url_hash_persist
• url_switching

Valid Events
All
Required Release: ACOS 2.7.1 or higher

TEMPLATE::ssl
Gets the current value of the parameter for the server SSL template.

Syntax
TEMPLATE::server_ssl <setting>
Returns the value for the specified <setting> in the assigned server SSL
template. For <setting>, enter one of the following:
• name
• ca_cert
• cert
• cipher
• close_notify
• key
• version

Valid Events
All
Required Release: ACOS 2.7.1 or higher

TEMPLATE::tcp
Gets the current value of the parameter for the TCP template.
Syntax
TEMPLATE::tcp <setting>
Returns the value for the specified <setting> in the assigned TCP
template. For <setting>, enter one of the following:
• name
• force_delete_timeout
• close_idle_timeout
• half_close_idle_timeout
• idle_timeout
• initial_window_size
• reset_fwd
• reset_rev

Valid Events
All
Required Release: ACOS 2.7.1 or higher


TEMPLATE::udp
Gets the current value of the parameter for the UDP template.
Syntax
TEMPLATE::udp <setting>
Returns the value for the specified <setting> in the assigned UDP
template. For <setting>, enter one of the following:
• name
• aging
• idle_timeout
• qos
• re_select_if_server_down
• stateless_conn_timeout

Valid Events
All
Required Release: ACOS 2.7.1 or higher


Deprecated and Disabled Commands

Deprecated Commands
The global commands listed in Table 6 are deprecated. It is recommended not to use these commands. Instead, please use the recommended equivalent commands.

TABLE 6 Deprecated Commands

Deprecated Command    Recommended Equivalent Command
client_addr           IP::client_addr
client_port           TCP::client_port or UDP::client_port
http_cookie           HTTP::cookie
http_header           HTTP::header
http_host             HTTP::host
http_method           HTTP::method
http_uri              HTTP::uri
http_version          HTTP::version
ip_protocol           IP::protocol
ip_tos                IP::tos
local_addr            IP::local_addr
redirect              HTTP::redirect
remote_addr           IP::remote_addr
server_addr           IP::server_addr
server_port           TCP::server_port or UDP::server_port
use <cmd>             <cmd>
                      This represents any valid and supported aFleX command.
                      Please avoid use of "use" in front of any command.

Disabled Tcl Commands
For security, the following Tcl commands are disabled in the aFleX syntax. You cannot use these commands in aFleX scripts.

after               exec          interp         seek
auto_execok         exit          load           socket
auto_import         fblocked      memory         source
auto_load           fconfigure    namespace      tcl_findLibrary
auto_mkindex        fcopy         open           tell
auto_mkindex_old    file          package        unknown
auto_qualify        fileevent     pid            update
auto_reset          filename      pkg::create    uplevel
bgerror             flush         pkg_mkIndex    upvar
cd                  gets          proc           vwait
close               glob          pwd
eof                 http          rename
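The following Python linter is an added example, not part of the A10 documentation: it checks an aFleX script against Table 6 and the disabled Tcl command list above, which is useful when reviewing scripts before deployment or migration. The command-position regex is a heuristic assumption rather than a full Tcl parser, and the sample script is constructed.

```python
import re
# Table 6 of this reference: deprecated global command -> recommended equivalent.
DEPRECATED = {
    "client_addr": "IP::client_addr", "local_addr": "IP::local_addr",
    "remote_addr": "IP::remote_addr", "server_addr": "IP::server_addr",
    "client_port": "TCP::client_port or UDP::client_port",
    "server_port": "TCP::server_port or UDP::server_port",
    "http_cookie": "HTTP::cookie", "http_header": "HTTP::header",
    "http_host": "HTTP::host", "http_method": "HTTP::method",
    "http_uri": "HTTP::uri", "http_version": "HTTP::version",
    "ip_protocol": "IP::protocol", "ip_tos": "IP::tos",
    "redirect": "HTTP::redirect", "use": "the command without the 'use' prefix",
}
# Tcl commands this reference lists as disabled in aFleX.
DISABLED = set("""
after auto_execok auto_import auto_load auto_mkindex auto_mkindex_old
auto_qualify auto_reset bgerror cd close eof exec exit fblocked fconfigure
fcopy file fileevent filename flush gets glob http interp load memory
namespace open package pid pkg::create pkg_mkIndex proc pwd rename seek
socket source tcl_findLibrary tell unknown update uplevel upvar vwait
""".split())
# Heuristic (assumption): a word is a command at line start or after [ ; {
CMD = re.compile(r"(?:^|[\[;{])\s*([A-Za-z_][\w:]*)")

def lint(script):
    """Return (line_no, command, kind, advice) for each flagged command."""
    findings = []
    for no, line in enumerate(script.splitlines(), 1):
        if line.lstrip().startswith("#"):      # skip Tcl comment lines
            continue
        for word in CMD.findall(line):
            if word in DISABLED:
                findings.append((no, word, "disabled", "remove; not available in aFleX"))
            elif word in DEPRECATED:
                findings.append((no, word, "deprecated", "use " + DEPRECATED[word]))
    return findings

# Constructed sample script (not from the original document).
SAMPLE = '''when HTTP_REQUEST {
    # exec is mentioned here only in a comment
    if { [http_uri] starts_with "/admin" } {
        log "blocked [client_addr]"
        use pool admin_pool
    }
    set fd [open "/tmp/x" r]
    log "request from [IP::client_addr] closed"
}'''

if __name__ == "__main__":
    print("\n".join("line %d: %s (%s): %s" % f for f in lint(SAMPLE)))
```

Because the matcher is not a Tcl parser, switch patterns or semicolons inside quoted strings can produce false positives, so treat findings as items for manual review.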


Corporate Headquarters
A10 Networks, Inc.
3 West Plumeria Dr.
San Jose, CA 95134 USA
Tel: +1-408-325-8668 (main)
Tel: +1-408-325-8676 (support - worldwide)
Tel: +1-888-822-7210 (support - toll-free in USA)
Fax: +1-408-325-8666
www.a10networks.com
© 2013 A10 Networks Corporation. All rights reserved.