Forum Discussion

Kai_M__48813's avatar
Feb 03, 2017

tcl error on iapp irule

im currently looking at an iapp deployment using the citrix_vdi_2.4.0 template, and it is configured with storefront as described in the deployment guide. This means the the following irule has been implemented, with correct webstore addded.

 

when ACCESS_ACL_ALLOWED { set type [ACCESS::session data get session.client.type] if { !($type starts_with "citrix") } { if { [HTTP::uri] == "/" } { log local0. "Redirecting to /Citrix/Web/" ACCESS::respond 302 Location "https://[HTTP::host]/Citrix/Web/" } } }

 

this irule works well, but the logs show us that users gets "kicked" out by the next irule provided by the iapp:

 

when CLIENT_ACCEPTED { set citrix_logout 0 } when ACCESS_ACL_ALLOWED { set type [ACCESS::session data get session.client.type] if { !($type starts_with "citrix") } { set storeWebName "storeweb" set http_uri [HTTP::uri] if { $http_uri == "/" || ($citrix_logout eq 0 && $http_uri ends_with "login.aspx") } { log local0. "For [HTTP::uri] Redirecting to /Citrix/$storeWebName/" ACCESS::respond 302 Location "https://[HTTP::host]/Citrix/$storeWebName/" } elseif { $http_uri contains "Logoff" } { set citrix_logout 1 } elseif { $citrix_logout eq 1 && $http_uri ends_with "login.aspx" } { set citrix_logout 0 ACCESS::respond 200 content "Logged out\r\n" Connection close ACCESS::session remove } } }

 

here we get a tcl error in the logs: 01220001TCL error: /Common/citrix.app/citrix_loggedout - Operation not supported (line 4) invoked from within "HTTP::uri"

 

is there a specific reason for why this tcl error occurs when user has logged on? the only thing i can think of, is that the redirect performed by the logged out irule is using the wrong storeweb, but that is easy to fix.

 

any input on this is appreciated:)

 

2 Replies

  • Hi Kai,

    the error message occours if an iRule tries to Read / Rewrite a HTTP request, which is already responded by an previous iRule.

    You can circumvent this behavior by changing the the first iRule so that it disables further iRule processing after the HTTP redirect is send.

    when ACCESS_ACL_ALLOWED { 
        set type [ACCESS::session data get session.client.type] 
        if { !($type starts_with "citrix") } { 
            if { [HTTP::uri] == "/" } { 
                log local0. "Redirecting to /Citrix/Web/" 
                ACCESS::respond 302 Location "https://[HTTP::host]/Citrix/Web/" "Connection" "Close"
                TCP::close
                event disable all
            } 
        }
    }
    

    Note: The

    "Connection" "Close"
    parameter and the
    TCP::close
    command is required, to force the client to establish a new TCP connection after the redirect is send and further iRule processing is disabled. This makes sure that subsequent request will process iRules again...

    Cheers, Kai

  • The fix in this post worked for me. I am using the template.