Forum Discussion
Alternative to getfield to check XFF client IP using data group
First - did you try the irule I provided, or try the proc provided?
Two - if this occurred as a result of an upgrade, you could raise a support ticket with F5.
Three - try some logging statements to determine where the error is occurring:
when HTTP_REQUEST {
    if { [active_members POOL-WEBSERVERS] < 1 } {
        HTTP::redirect "http://maintenance.mysite.com"
    } else {
        set CHECK_IP [getfield [HTTP::header values X-Forwarded-For] " " 1]
        # Log the parsed value so it can be checked in /var/log/ltm
        log local0. "the X-Forwarded-For header value is $CHECK_IP"
        # Reject restricted URIs when the client IP is not in the allow list
        if { !([class match $CHECK_IP eq DG-ALLOWED-IP]) } {
            if { [class match [HTTP::uri] eq DG-ALLOWED-URI-LIST] } {
                reject
            }
        }
        switch -glob [HTTP::uri] {
            "*/abc/portal1/idtrack*" -
            "*/cde/portal2/idtrack2*" -
            "*/fgh/abc/portal3/idtrack*" {
                if { ([class match $CHECK_IP eq DG-ALLOWED-IP]) } {
                    if { [HTTP::uri] contains "/public/idtracker" } {
                        HTTP::redirect "https://[HTTP::host]/secure/idtracker"
                    } else {
                        HTTP::redirect "https://[HTTP::host]/login2/public/idtracker/"
                    }
                }
            }
        }
    }
}
On the BigIP, run
# tail -f /var/log/ltm | grep "the X-Forwarded-For header value is"
to see the logged lines from the irule.
Either you are getting an IP address with a leading "{" that needs to be removed, or CHECK_IP is empty - both will cause the IP address validation failure.
Use iRule logging to determine which one it is.
Hi Simon,
Sorry for the delay in replying. I tried your iRule and it works perfectly. For some reason, after the upgrade, the F5 would not read the original "getfield" iRule correctly and would add a "," (comma) after the XFF client IP. This caused the iRule to not see the IP correctly and the function would stop working.
I added the following to the iRule and checked the LTM logs, and now the IP is without a comma and doing what it is supposed to.
Added your portion to my original iRule.
set CHECK_IP [lindex [lsearch -all -inline -not -exact [split [HTTP::header values X-Forwarded-For] "\{\} ,"] {}] 0]
Thanks again!
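An added example, not code from the thread: plain Tcl for tclsh that reproduces the leading "{" and trailing "," seen with getfield and runs the split-based parsing from the reply on the same inputs. It assumes HTTP::header values returns a Tcl list; getfield_sim, first_xff_token and is_ipv4 are hypothetical names, and the header values are constructed samples.

```tcl
# Plain Tcl for tclsh, not an iRule. Samples are constructed stand-ins for the
# list that [HTTP::header values X-Forwarded-For] is assumed to return.

# Hypothetical stand-in for the iRules getfield command (1-based index);
# equivalent only for a single-character separator such as " ".
proc getfield_sim {str sep idx} {
    return [lindex [split $str $sep] [expr {$idx - 1}]]
}

# Parsing from the reply above: split on braces, spaces and commas,
# drop empty fields, keep the first token.
proc first_xff_token {values} {
    return [lindex [lsearch -all -inline -not -exact [split $values "\{\} ,"] {}] 0]
}

# Added shape check (assumption, not in the thread): dotted-quad IPv4 only.
proc is_ipv4 {s} {
    if {![regexp {^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$} $s -> a b c d]} {
        return 0
    }
    foreach octet [list $a $b $c $d] {
        scan $octet %d n   ;# decimal parse, so "08" is not read as octal
        if {$n > 255} { return 0 }
    }
    return 1
}

# Constructed samples: one address, one header line carrying a comma-separated
# chain, two separate header lines, and no header at all.
set samples [list \
    [list "203.0.113.7"] \
    [list "203.0.113.7, 10.0.0.5"] \
    [list "203.0.113.7" "10.0.0.5"] \
    [list]]

foreach sample $samples {
    set old [getfield_sim $sample " " 1]
    set new [first_xff_token $sample]
    puts [format "%-26s getfield=%-17s split=%-14s ipv4=%d" \
        "<$sample>" "<$old>" "<$new>" [is_ipv4 $new]]
}
```

The shape check only catches malformed or empty tokens before the data group lookup; the leftmost X-Forwarded-For entry is still sender-supplied unless a trusted upstream device overwrites the header.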