error after adding new irule

Question

hello , we are getting below error in logs , iR_XFF_RewriteOrInsert irule was working fine before we placed new irule Http
error 
TCL error: iR_XFF_RewriteOrInsert - Operation not supported (line 4) invoked from within "HTTP::header insert X-Forwarded-For [substr [IP::client_addr] 0 "%"]&nbsp;
existing irule when HTTP_REQUEST { 
  if {[HTTP::header exists X-Forwarded-For]}{ 
    HTTP::header replace X-Forwarded-For [substr [IP::client_addr] 0 "%"] 
  } else { 
     HTTP::header insert X-Forwarded-For [substr [IP::client_addr] 0 "%"] 
  } 
 }
new irule added last week to function with existing irule
 when HTTP_REQUEST { if {([class match [IP::remote_addr] equals whitelist]) } { pool Pool_1 } else { HTTP::respond 503 content [b64decode [class element -name 0 DG_MAINTENANCE_HTML]] "Content-Type" "text/html" } }&nbsp;

kevin_stewart · Answer

First, the error should only be manifesting when the client source doesn't match your whitelist data group, where you subsequently send a 503. In the order that you have your iRules applied to the VIP (assuming new one on top), you're potentially sending a 503 response (an egress mechanism) BEFORE attempting to add a header to the ingress stream. You should be able to solve this two ways:

Re-order the iRules in your VIP configuration, or

Apply priority tags to the HTTP_REQUEST events to force a specific order, like this:
when HTTP_REQUEST priority 50 { 
    if { [HTTP::header exists X-Forwarded-For] } { 
        HTTP::header replace X-Forwarded-For [substr [IP::client_addr] 0 "%"] 
    } else { 
        HTTP::header insert X-Forwarded-For [substr [IP::client_addr] 0 "%"] 
    } 
}

when HTTP_REQUEST priority 100 { 
    if { ( [class match [IP::client_addr] equals whitelist] ) } { 
        pool Pool_1 
    } else { 
        HTTP::respond 503 content [b64decode [class element -name 0 DG_MAINTENANCE_HTML]] "Content-Type" "text/html" 
    } 
}

amit_128525 · Answer

thanks for reply Kevin I have reordered the irules but we are still recieving errors . 
Mon Jan 6 09:48:44 GMT 2014 err local/tmm3 tmm3[6222] 01220001 TCL error: iR_XFF_RewriteOrInsert  - Operation not supported (line 4) invoked from within "HTTP::header insert X-Forwarded-For [substr [IP::client_addr] 0 "%"]"&nbsp;

nitass · Answer

would you mind changing the existing irule to something like this?
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule xff
ltm rule xff {
    when HTTP_REQUEST_SEND {
  clientside {
    HTTP::header remove X-Forwarded-For
    HTTP::header insert X-Forwarded-For [substr [IP::client_addr] 0 "%"]
  }
}
}

torti · Answer

you could try "event disable all" behind the HTTP::respond
HTTP::respond 503 content [b64decode [class element -name 0 DG_MAINTENANCE_HTML]] "Content-Type" "text/html" 
event disable all

amit_128525 · Answer

its resolved with chsnging the sequence of the irules I was not doing it on all the VS earlier . Apology for time and thanks for help&nbsp;

Forum Discussion

error after adding new irule

5 Replies

Recent Discussions

Access azure app service using f5 LTM

redirect not working

Reliable resources for identifying IP addresses

Issue on license renewal

Viprion files on blades.

Related Content

BIG-IQ : Error when adding device

Getting Started with BIG-IP Next: Adding Instances to Central Manager

Insufficient permissions BIG-IQ login error

Error While Adding Peer Devices to Local Trust Domain

ASM - Adding Allowed URL's via CLI in 2023