Skip to main content Skip to search

aFleX Tutorial: Scripting Tool for Thunder Products

What is aFlex?

aFleX is a scripting tool that is built into the Thunder Application Delivery Controller (ADC). aFleX is based on a standard scripting language, TCL, enabling the load balancer to perform Layer 7 deep-packet inspection (DPI). Information in the header or data portion of the packet can then be erased, changed or manipulated as needed, or the packet can be dropped or redirected based on the information.

Introduction to aFlex Scripting

Advantages of using aFleX

aFleX policies allow you to exercise more granular control of packet inspection and traffic load balancing. The benefits can be, but are not limited to:

  • Higher Availability
    • Provide an unavailable/sorry page when all servers or applications are not responding or are down.
    • Redirect end-users to the backup data center if all servers or applications are not responding or are down.
  • Higher Security
    • Block specific end-users and/or specific client traffic.
  • Higher Flexibility
    • Transparently convert an HTTP web application to HTTPS
    • Provide persistency  for a specific application
    • Forward specific end-users and/or specific client traffic to a specific pool of servers or specific server in a pool
    • Transparently add a new hostname to an existing Web site
  • Higher Performance
    • Improve end-users’ browser cachability for web site static content

Elements of an aFleX Script

  • aFleX scripts are made up of three basic elements:
    • Events
    • Operators
    • aFleX commands



  • aFleX scripts are event-driven, which means the aFleX script is triggerd when the specified event occurs.
  • Examples:
    • HTTP_REQUEST event occurs when an HTTP request is received.
    • CLIENT_ACCCEPTED event occurs when a client has established a connection.


  • Standard Tcl operators Note: Tcl tutorial
  • Relational operators:  contains, matches, equals, starts_with, ends_with, matches_regex
  • Logical operators: not, and, or

aFleX commands

  • Used to query for data, manipulate data, or specify a traffic destination. These may be grouped into three main categories:
    • Statement commands
      Example: pool directs traffic to the named load balancing pool.
    • Commands that query or manipulate data

      • IP::remote_addr returns the remote IP address of a connection.
      • HTTP::header remove removes the last occurrence of the named header from a request or response.
    • Utility commands – useful for parsing and manipulating content
      Example: decode_uridecodes the named string using HTTP URI encoding and returns the result.

Note: aFleX is extensible. In future Thunder software releases, additional aFleX events and aFleX commands will be added.

The list of supported Events, Operators, and Commands is available in the Thunder Series aFleX Reference.

aFleX Configuration

aFleX configuration is done in 2 steps:

  1. Place the aFleX script on the Thunder device.
    • Using the CLI
      • Use a computer with any text editor to write an aFleX script and save it as a file.
      • Use the import aflex command to import the aFleX file from the computer to the Thunder device.
      • aFleX CLI syntax check: aflex check script-name
    • Using the WebUI
      • With the Thunder’s web interface, you can directly type in aFleX scripts and save them on the Thunder device. In the Thunder WebUI, navigate to Config Mode > Service > aFleX.
    • Using the aFleX Editor
      • The aFleX Editor is a separate PC application you can use to download/upload aFleX scripts from/to the Thunder device. Moreover, the aFleX Editor can do syntax checking. As an editor, it also has syntax highlighting, keyword auto-completion, etc.
  2. Assign the aFleX script to VIP port
    • Using the WebUI: Config Mode > Service > SLB > Virtual Server > Port
    • CLI:
      Thunder(config)# slb virtual-server name [ipaddr]
      Thunder(config-slb vserver)# port N tcp
      Thunder(config-slb vserver-vport)# aflex script-name

aFleX statistics are available in the WebUI or CLI:

  • WebUI: Monitor Mode > Service > aFleX
  • CLI: Thunder# show aflex script-name

Related Posts

aFleX Scripting Language and Layer 7 Deep-packet Inspection

aFleX is a powerful and flexible scripting language that you can use to manage your traffic and provide enhanced benefits and services. It’s built into the Thunder® Application Delivery Controller (ADC), a high-performance load balancing solution that enables your applications to be highly secure, available, and accelerated.

Paul Nicholson
June 14, 2018

About Paul Nicholson

Paul Nicholson brings 24 years of experience working with Internet and security companies in the U.S. and U.K. In his current position, Nicholson is responsible for global product… Read More

How cloud-ready and modernized are your application services?

Take this brief multi-cloud application services assessment and receive a customized report.

Take the Survey How cloud-ready and modernized are your application services?