A strange case for catching an exception
Environment: 11.1.0 HF2 custom EHF build
I have an iRule associated with a virtual server that's protected by an APM policy. This VS usually has north of 12,000 concurrent users, and is extremely critical in addition to being insanely busy. I've started seeing the following errors in my syslog recently that I expect are due to a new/misconfigured client:
Nov 6 04:31:07 tmm err tmm[8637]: 01220001:3: TCL error: /Common/myiRule - Illegal argument (line 46) invoked from within "HTTP::username"
The only place in my iRule that I invoke HTTP::username is where I set it to a variable for use later. I'm guessing that line 46 is within the username function itself, not in my iRule.
So what I want to do is try to find out who this misconfigured client might be. Whoever they are, their connection is being terminated if I understand the TCL processing of the exception correctly; and here's the weird part - I don't necessarily want to let them through successfully yet. I just want to find out more about their device. And I don't want to log all clients, as I will rapidly run out of resources if I try that.
If I change the following line in my iRule:
set myUser [HTTP::username]
to
if { [catch {set myUser [HTTP::username] } ] } {
set myAgent [HTTP::header "User-Agent"]
log local0. "Invalid username from [IP::remote_addr] using $myAgent"
}
how can I let the connection still terminate so I am not changing the current behavior? I know that catch will always complete execution without raising an error. I can't let the iRule continue processing as if the username is valid. I think adding just a return statement inside the catch would somehow keep the policy continuing - is the best approach to add a drop or reject statement there instead?
Thanks,
Jen