Internal Documentation

This document may change at any time without prior notice.
Changes may break backwards compatibility.
Do not rely on it!

Unblu F5 integration


1.  Introduction

Big-IP F5 is a NAT device mainly used to route the network traffic thru. Due to its functional extensibility thru TCL it is possible to use the F5 as filter reverse proxy for unblu.

When you use unblu Enterprise, you need to configure Big-IP F5 as follows:

  1. First, you need to specify either a node or a virtual server (in case of a SSL connection) for the unblu server.
  2. Then you need to tell the default virtual server to use the unblu filter iRule and, if SSL for the unblu server is used, also the unblu ssl filter iRule.


2. Uploading the unblu filter iRule(s) to F5

In order to enable the Big-IP F5 for use with unblu enterprise, the filter iRules need to be uploaded.

The unblu ssl filter rule is only needed if the virtual server is SSL enabled as well.


This is done by copy/paste the contents of the files in the delivered zip file into the inline editor for TCL iRules on the F5.


3. Enable the virtual server to use unblu filter iRule

To enable a specific virtual server to make use of unblu the previously uploaded iRule(s) need to be attached it.

If the virtual server is SSL enabled then the unblu ssl filter rules needs to be attached as well.


4. Configuring unblu filter iRule

To be able to instantiate the unblu iRule multiple times within the same F5, for different virtual servers, an environment prefix can be set. This prefix is later on used for certain variables in the static namespace of the F5.

# helper function used to set the environment prefix
# for the 'static::' variables in RULE_INIT (i.e. 'dev_')
proc envPrefix {} {
	return ""


A few variables are to be configured for unblu in your specific environment. These are settings like the backend server pool to be used (if not the default should be used), also the unblu enterprise server connection and how the unblu filter configuration should be loaded.

when RULE_INIT {
	set env_prefix [call envPrefix]

	log "unblu filter irule init.... ${env_prefix}"
	# Following properties can be changed by the user to his needs
	# if no default pool is configured on the VS or a different pool
	# for the backend application server should be used than the 
	# default pool then it must be configured here
	set static::${env_prefix}unblu_backend_server_pool ""

	# The server info object.
	# This info object is used for handling the iRule SIDEBAND connection to unblu 
	# and the 'proxy passing' to unblu based on the path ('/unblu')
	# @origin The origin (i.e scheme and authority) used for the HTTP client requestor.
	#         The authority is also passed as the Host header in the HTTP client requestor.
	#         If @virt is not set then the authority will also be used to resolve
	#         the target host to connect to.
	# @virt   This parameter points to a virtual server configured in the F5. 
	#         It'll then be used in precedence of the origin to connect to the target host(s).
	#         Using a virtual (helper) server is the recommended way by unblu because only this
	#         allows for SSL connection between the iRule and unblu.
	set static::${env_prefix}unblu_server_info [list origin {} virt {unblu_server_8090}]
	# unblu path mappings. configure according to your setup
	set static::${env_prefix}unblu_public_path "/unblu"
	set static::${env_prefix}unblu_system_path "/sys-unblu"

	# unblu default character set.
	set static::${env_prefix}unblu_default_character_set "iso-8859-1"
	# filename to set when filter.configuration should be loaded from BIG-IP FS
	# otherwise it'll be loaded thru a SIDEBAND connection from the unblu server.
	set static::${env_prefix}unblu_configuration_filepath "/Common/unblu-filter.conf"
	# max retries for the ajax http client
	set static::${env_prefix}unblu_ajax_retries 10

	# IP address of an external DNS server to be used for RESOLV::lookup
	set static::${env_prefix}dns_server ""
	set static::${env_prefix}unblu_filter_start_time [clock clicks -milliseconds]
	set static::${env_prefix}unblu_special_environment_variables [list content-type content-length original_url original_path character_set]
	set static::${env_prefix}unblu_rule_operators [list "equals" EQUALS "startsWith" STARTS_WITH "endsWith" ENDS_WITH "contains" CONTAINS "=" NUMERIC_EQUALS ">" GREATER_THAN "<" SMALLER_THAN ">=" GREATER_THAN_OR_EQUAL "<=" SMALLER_THAN_OR_EQUAL]
	set static::${env_prefix}unblu_codeinjection_reference_strings [list BEFORE_BODY_CLOSE AFTER_HEAD_START AFTER_LAST_META BEFORE_HEAD_CLOSE BASE_TAG]
	set static::${env_prefix}unblu_codeinjection_type_wrappings [list INTERNAL_JAVASCRIPT [list "<script type=\"text/javascript\">\n" "\n</script>"] \
							     		  EXTERNAL_JAVASCRIPT [list "<script charset=\"UTF-8\" type=\"text/javascript\" src=\"" "\"></script>"] \
							     		  INTERNAL_STYLE_SHEET [list "<style type=\"text/css\">\n" "\n</style>"] \
							     		  EXTERNAL_STYLE_SHEET [list "<link rel=\"stylesheet\" href=\"" "\" type=\"text/css\" media=\"all\"></link>"] \
							     		  HTML_CONTENT [list "" ""] \
							     		  BASE_TAG_TYPE [list "BASE" "BASE"] \

	array set static::${env_prefix}unblu_filter [list envPrefix $env_prefix unbluIsRunning DOWN initialized 0]
	call initUnbluFilter static::${env_prefix}unblu_filter
	unset env_prefix


Note: If the unblu filter configuration is loaded from the Big-IP F5 filesystem then it must be uploaded and connected with the virtual server.

How can we help?

Chat with us and we will take you through our site!

Read about how we use cookies and how you can control them by clicking "Cookie Settings." If you continue to use this site, you consent to our use of cookies.