Forum Discussion

Russell_E_Glaue's avatar
Russell_E_Glaue
Icon for Nimbostratus rankNimbostratus
Mar 15, 2007

calling system applications / command disabled

Some TCL commands are disabled in iRules, like

 

set sc [open "| /usr/bin/command"]

 

 

I get the error:

 

line 1: [command is not valid in the current scope] [set sc [open "| /usr/bin/command"]]

 

line 1: [command is disabled: "open"] [open "| /usr/bin/command"]

 

 

So is there a list of disabled commands?

 

 

Also, if I have a script written in PERL on the system, and I want my iRule to execute it to receive a status of a node to be used in evaluation in the iRule, how can I execute the script and import the resulting output if open is disabled?

 

 

-RG
application delivery
dev
devops
iRules

3 Replies

Sort By
  • JRahm's avatar
    JRahm
    Icon for Admin rankAdmin
    Mar 15, 2007
    The disabled commands are in the configuration guide.
  • Russell_E_Glaue's avatar
    Russell_E_Glaue
    Icon for Nimbostratus rankNimbostratus
    Mar 15, 2007
    I could not find the configuration guide, but it was communicated to me that the list of disabl;ed commands is on the Wiki.

     

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/DisabledTclCommands.html

     

     

    I find it frustrating that when I searched earlier in the iRule Wiki for this search string:

     

    "disabled tcl commands"

     

    That the search turned up nothing.

     

     

     

    After being visually pointed to the diabled TCL commands on the Wiki, and saw the wiki name of "DisabledTCLCommands", I can search for that exact string:

     

    "DisabledTCLCommands"

     

    And this returns results.

     

     

     

    Why does the wiki search have this problem?

     

    Should the wiki try and find results that match any part of the sentence string, and not restrict the search to only an exact match.

     

     

     

    Anyway, disabling "open" and "exec" TCL commands disallows communication to an external application on the system from an iRule. How can I get around this restriction? How can I communicate with a system application?

     

     

    -RG

     

  • JRahm's avatar
    JRahm
    Icon for Admin rankAdmin
    Mar 15, 2007
    Those are all valid points on the searchability...hopefully that will be enhanced.

     

     

    I'm sure the developers can give you several reasons why these commands are disabled, but I think you need to use iControl if you need access to system commands.

     

     

    The configuration guides are all online at ask.f5.com