Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters
Answers

insert X-Forwarded-Proto log TCL error

Hello,

We have iRule applied to tcp/80 VS. In it under HTTP_REQUEST there are two switch commands and the second has default statement: default { HTTP::header insert X-Forwarded-Proto http }. Log says: "TCL error: /VS/iRule-test - Operation not supported (line 7) invoked from within "HTTP::header insert X-Forwarded-Proto http" ("default" arm line 2) invoked from within "switch -glob [string tolower [HTTP::uri]] { "/xxx" - "/zzz"..." "

Will appreciate if someone clearly explain why it doesn't work?

0
Rate this Question
Comments on this Question
Comment made 11-Jun-2015 by Torti 806
did you set the Quotation Marks on the right position? HTTP::header insert "X-Forwarded-Proto" "http"
0
Comment made 11-Jun-2015 by Merlin.kv 77
tried HTTP::header insert X-Forwarded-Proto http and HTTP::header insert X-Forwarded-Proto "http" result the same
0

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

"TCL error: /VS/iRule-test - Operation not supported (line 7) invoked from within "HTTP::header insert X-Forwarded-Proto http" ("default" arm line 2) invoked from within "switch -glob [string tolower [HTTP::uri]] { "/xxx" - "/zzz"..." "

i do not think the error is about command syntax.

can you post the irule?

# tmsh list ltm rule (name)
0
Comments on this Answer
Comment made 11-Jun-2015 by Merlin.kv 77
when HTTP_REQUEST { switch -glob [string tolower [HTTP::host]] { "url1.com" - "url2.com" { HTTP::respond 301 Location "http://www.url1.com[HTTP::uri]" Cache-Control "no-cache" } } switch -glob [string tolower [HTTP::uri]] { "uri1" - "uri2" - "/uri3/*" { HTTP::respond 301 "Location" "https://[HTTP::host][HTTP::uri]" Cache-Control "no-cache" } "/uri4/xxx/*" { IP::idle_timeout 7200 set update_serverside_idle_timeout 1 # log local0. "updated timeout: [IP::idle_timeout]" } default { HTTP::header insert X-Forwarded-Proto http } } } all redirection works as should, even simultaneously.
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

i think request matches both HTTP::respond and HTTP::header insert commands.

# configuration

[root@ve11c:Active:In Sync] config # tmsh list ltm virtual bar
ltm virtual bar {
    destination 172.28.24.10:80
    ip-protocol tcp
    mask 255.255.255.255
    pool foo
    profiles {
        http { }
        tcp { }
    }
    rules {
        qux
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vs-index 8
}
[root@ve11c:Active:In Sync] config # tmsh list ltm rule qux
ltm rule qux {
    when HTTP_REQUEST {
  HTTP::respond 301
  HTTP::header insert x http_cookie
}
}

# test

[root@ve11c:Active:In Sync] config # curl -I http://172.28.24.10
HTTP/1.0 301 Moved Permanently
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

# /var/log/ltm

[root@ve11c:Active:In Sync] config # cat /var/log/ltm
Jun 11 16:59:35 ve11c err tmm[10748]: 01220001:3: TCL error: /Common/qux <HTTP_REQUEST> - Operation not supported (line 1)     invoked from within "HTTP::header insert x http_cookie"
0
Comments on this Answer
Comment made 11-Jun-2015 by Merlin.kv 77
is it possible to rewrite irule with if { both switches} and else { default action }? and to left possibility for execution both conditions simultaneously?
0
Comment made 11-Jun-2015 by nitass 13357
can we just put return command after condition matches? return https://devcentral.f5.com/wiki/iRules.return.ashx
0
Comment made 11-Jun-2015 by Merlin.kv 77
do you mean return after first redirect?
0
Comment made 11-Jun-2015 by nitass 13357
yes
0
Comment made 11-Jun-2015 by Merlin.kv 77
it works! thank you!
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

It says in the command documentation that the irule doesn't want to run HTTP::header insert after a HTTP::redirect: https://devcentral.f5.com/wiki/iRules.http__header.ashx

HTTP::header insert

If this command is executed after issuing the HTTP::redirect or HTTP::respond command, the F5 will become confused, generate an "Operation Not Supported" TCL error and reset the connection.

0