Forum Discussion

Walter_Kacynski's avatar
Walter_Kacynski
Icon for Cirrostratus rankCirrostratus
Jan 29, 2016

New iRule Warnings with BIG-IP 12.0.0

I just upgraded to BIG-IP 12 from version 11.5.3. It seems that mcpd now throws morning warning and validation messages than before:

 

 

/Common/TST-IHS-Access-Rule:276: warning: [The following errors were not caught before. Please correct the script in order to avoid future disruption. "unexpected token(s): ' X-AO-ssodbg 4'"16199 300][ACCESS::respond 200 content "    1740 Access has been denied with the username and password that were entered.  " Content-Type "text/xml;charset=ISO-8859-1" X-AO-ssodbg 4]
/Common/TST-IHS-Access-Rule:285: warning: [The following errors were not caught before. Please correct the script in order to avoid future disruption. "unexpected token(s): ' X-AO-ssodbg 6'"17216 79][ACCESS::respond 401 WWW-Authenticate "Basic realm=\"foobar.com\"" X-AO-ssodbg 6]

 

 

Since under prior release this iRule works perfectly fine, I don't understand that the unexpected token(s) phrase is error on. Specifically what are the integer values after the X-AO-ssodbg 4 and X-AO-ssodbg 6?

Here are the source lines from the iRule that match this error message:

276:

 

ACCESS::respond 200 content "    1740 Access has been denied with the username and password that were entered.  " Content-Type "text/xml;charset=ISO-8859-1" X-AO-ssodbg 4

 

285:

 

ACCESS::respond 401 WWW-Authenticate "Basic realm=\"foobar.com\"" X-AO-ssodbg 6

 

application delivery
iRules
TMOS

5 Replies

Sort By
  • Kai_Wilke's avatar
    Kai_Wilke
    Icon for MVP rankMVP
    Jan 29, 2016

    Hi Walther,

    X-AO-ssodbg 4 and X-AO-ssodbg 6 are both custom HTTP headers which where implemented by the developer of this iRule.

    I guess the integers are refering to the well knwon severity level? But only the autor knows for sure...

    Severity 4 = Warning (aka. Access Denied) Severity 6 = Informational (aka. Login Required)

    You could probably stop the log entries by changing the code to "X-AO-ssodbg" "4" and "X-AO-ssodbg" "6". Or if those debugs lines are not required anymore, then simply remove them... 😉

    Cheers, Kai

  • Walter_Kacynski's avatar
    Walter_Kacynski
    Icon for Cirrostratus rankCirrostratus
    Feb 01, 2016

    I wrote this rule and the value of X-AO-ssodbg does not matter syntactically. I tried quoting the value and the header name itself and there is no change. I have this same syntax used in multiple places in the irule and it only throws a warning on these two lines. I tried removing the hyphens and still no change.

     

  • Walter_Kacynski's avatar
    Walter_Kacynski
    Icon for Cirrostratus rankCirrostratus
    Feb 10, 2016

    This is a bug with ACCESS::respond only in that version 12.0.0 is only allowing for a single HTTP header to be inserted. This is being tracked as BUG ID 572519

     

  • Nicolas_COLLET's avatar
    Nicolas_COLLET
    Icon for Nimbostratus rankNimbostratus
    Sep 02, 2017

    Hi,

     

    I have the same warning message in BIG IP v13.0 HF2 :

     

    warning: [The following errors were not caught before. Please correct the script in order to avoid future disruption. "unexpected token(s) at NO.4 argument"1407 163][ACCESS::respond 403 -version "1.1" "Access-Control-Allow-Origin" [HTTP::header "Origin"] \ "Access-Control-Allow-Credentials" "true"]

     

    I try to do this :

     

    ACCESS::respond 403 -version "1.1" "Access-Control-Allow-Origin" [HTTP::header "Origin"] \ "Access-Control-Allow-Credentials" "true"

     

    But apparently, it's work correctly.

     

    In v12, this BUG ID 572519 appear and documented, but not in v13.0 :

     

    So if F5 person can explain it's this bug appear always in v13 or not ?

     

    Best regards

     

  • Nicolas_COLLET's avatar
    Nicolas_COLLET
    Icon for Nimbostratus rankNimbostratus
    Jan 30, 2018

    Hi,

     

    I confirm that this problem is solved in version 13.1.0. We tested on our side with version 13.1.0.2

     

    Best regards