iRule Newbieee question

Question

Hi Guys,&nbsp;
&nbsp;I'm using the irule mentioned here :&nbsp;
&nbsp;http://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnotes_ve_10_1_0.htmlbigip_restrict &nbsp;
&nbsp;rule target_server_ssl { when CLIENT_ACCEPTED { virtual server_ssl_test } } pool b68_https { member 10.1.1.68:4443 } virtual client_ssl_test { destination 10.1.1.117:443 profile http clientssl tcp rule target_server_ssl } virtual server_ssl_test { destination 10.1.1.117:443 profile http serverssl tcp pool b68_https vlan none enable } &nbsp;
&nbsp;and it's giving me errors aven on line 1. I modified the erros with my ip addresses.&nbsp;
&nbsp;01070151:3: Rule [FullSLL_WiorkAround_redirect] error: line 1: [undefined procedure: rule] [rule target_server_ssl { when CLIENT_ACCEPTED { virtual server_ssl_test } }] line 6: [command is not valid in the current scope] [pool b68_https { member 192.168.0.12:443 }] line 7: [command is not valid in the current scope] [virtual client_ssl_test { destination 192.168.6.99:443 profile http clientssl tcp rule target_server_ssl }] line 12: [command is not valid in the current scope] [virtual server_ssl_test { destination 192.168.6.99:443 profile http serverssl tcp pool b68_https vlan none enable }]

hooleylist · Answer

Hi Joe, 
&nbsp;  
&nbsp; This is the iRule portion you'd enter in the GUI when creating a new iRule: 
&nbsp;  
&nbsp; when CLIENT_ACCEPTED { virtual server_ssl_test } 
&nbsp;  
&nbsp; The rest is defining a pool, and two virtual servers.  If you wanted to run these commands via the CLI, you could use these separate commands: 
&nbsp;  
&nbsp; rule target_server_ssl { when CLIENT_ACCEPTED { virtual server_ssl_test } }  
&nbsp;  
&nbsp; pool b68_https { member 10.1.1.68:4443 }  
&nbsp;  
&nbsp; virtual client_ssl_test { destination 10.1.1.117:443 profile http clientssl tcp rule target_server_ssl }  
&nbsp;  
&nbsp; virtual server_ssl_test { destination 10.1.1.117:443 profile http serverssl tcp pool b68_https vlan none enable }  
&nbsp;  
&nbsp; b save 
&nbsp;  
&nbsp; But instead of working around a trial version SSL limitation, I'd encourage you to get in touch with an F5 or partner SE and get a 45 day eval key for the LTM VE lab edition.  This will allow you to run all the TMM modules and not deal with the trial version limitation. 
&nbsp;  
&nbsp; Aaron

joethefifth · Answer

Thanks aaron. I will test this. cheers !

Forum Discussion

iRule Newbieee question

2 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Novice Question - irules

irule logging question

Health monitor question

F5 Connection Mirroring question

IRULE question - pool command and SSL renegotiation