Forum Discussion

TJ_Vreugdenhil's avatar
TJ_Vreugdenhil
Icon for Cirrus rankCirrus
Mar 06, 2014

We are running 11.4.1 HF3.

The iRule takes but when you begin to try to send traffic to the APM VIP it either fails completely in the browser with a reset or doesn't log correctly because it identifies TCL errors. Below is our basic access-policy and TCL errors below. If you got it to work on a APM VIP, do you mind sharing your policy, VIP and iRule config? 

apm policy access-policy /Common/F5RDP {
    caption general
    default-ending /Common/F5RDP_end_deny
    items {
        /Common/F5RDP_act_active_directory_auth { }
        /Common/F5RDP_act_logon_page {
            priority 2
        }
        /Common/F5RDP_act_radius_auth { }
        /Common/F5RDP_act_resource_assign {
            priority 3
        }
        /Common/F5RDP_act_variable_assign { }
        /Common/F5RDP_end_allow {
            priority 5
        }
        /Common/F5RDP_end_deny {
            priority 4
        }
        /Common/F5RDP_ent_in { }
    }
    start-item /Common/F5RDP_ent_in
}



After connecting to page
Mar  5 13:32:28 LTM1 info tmm1[12688]: Rule /Common/APM_LOCAL_LOGGING_TEST1 : virtual=/Common/F5RDP client_ip=10.26.243.128 client_port=51038 lb_server=127.0.0.1:10001 host=172.30.1.1 request="GET /my.policy HTTP/1.1" server_status=302 content_length=169 resp_time=3 referer=
Mar  5 13:32:28 LTM1 info tmm1[12688]: Rule /Common/APM_LOCAL_LOGGING_TEST1 : virtual=/Common/F5RDP client_ip=10.26.243.128 client_port=51038 lb_server=127.0.0.1:10001 host=172.30.1.1 request="GET /my.policy HTTP/1.1" server_status=302 content_length=169 resp_time=3 referer=virtual=/Common/F5RDP client_ip=10.26.243.128 client_port=51038 lb_server=127.1.1.3:8080 host= request="GET /renderer/agent_logon_page_form.eui?f2_name=password2&f2_varname=password2&f3_type=text&f3_name=hostname&f3_varname=hostname&f4_type=password&f4_name=password&f4_varname=password HTTP/1.0" server_status=200 content_length=13703 resp_time=1 referer=


After putting in variables on page
Mar  5 13:32:54 LTM1 info tmm[12688]: Rule /Common/APM_LOCAL_LOGGING_TEST1 : virtual=/Common/F5RDP client_ip=10.26.243.128 client_port=52373 lb_server=127.0.0.1:10001 host=172.30.1.1 request="POST /my.policy HTTP/1.1" server_status=200 content_length=43 resp_time=947 referer=https://172.30.1.1/my.policy
Mar  5 13:32:54 LTM1 err tmm[12688]: 01220001:3: TCL error: /Common/APM_LOCAL_LOGGING_TEST1  - can't read "userid": no such variable     while executing "append log_msg "userid=$userid ""
Mar  5 13:32:54 LTM1 info tmm1[12688]: Rule /Common/APM_LOCAL_LOGGING_TEST1 : virtual=/Common/F5RDP client_ip=10.26.243.128 client_port=52472 lb_server=127.0.0.1:10001 host=172.30.1.1 request="GET /my.policy HTTP/1.1" server_status=302 content_length=169 resp_time=3 referer=https://172.30.1.1/my.policy
Mar  5 13:32:54 LTM1 info tmm1[12688]: Rule /Common/APM_LOCAL_LOGGING_TEST1 : virtual=/Common/F5RDP client_ip=10.26.243.128 client_port=52472 lb_server=127.0.0.1:10001 host=172.30.1.1 request="GET /my.policy HTTP/1.1" server_status=302 content_length=169 resp_time=3 referer=https://172.30.1.1/my.policyvirtual=/Common/F5RDP client_ip=10.26.243.128 client_port=52472 lb_server=127.1.1.3:8080 host= request="GET /renderer/agent_logon_page_form.eui?f2_name=password2&f2_varname=password2&f3_type=text&f3_name=hostname&f3_varname=hostname&f4_type=password&f4_name=password&f4_varname=password HTTP/1.0" server_status=200 content_length=13703 resp_time=1 referer=

After attempting to log in 3 times I get “connection reset and the following log
Mar  5 13:33:25 LTM1 info tmm[12688]: Rule /Common/APM_LOCAL_LOGGING_TEST1 : virtual=/Common/F5RDP client_ip=10.26.243.128 client_port=54495 lb_server=127.0.0.1:10001 host=172.30.1.1 request="POST /my.policy HTTP/1.1" server_status=200 content_length=43 resp_time=444 referer=https://172.30.1.1/my.policy
Mar  5 13:33:25 LTM1 err tmm[12688]: 01220001:3: TCL error: /Common/APM_LOCAL_LOGGING_TEST1  - can't read "userid": no such variable     while executing "append log_msg "userid=$userid ""

Results from test1
After connecting to page I get “connection reset and the following log
Mar  5 13:36:03 LTM1 err tmm[12688]: 01220001:3: TCL error: /Common/APM_LOCAL_LOGGING_TEST2  - can't read "user": no such variable     while executing "append log_msg "user=$user ""