Forum Discussion

Akshay_SK's avatar
Akshay_SK
Icon for Nimbostratus rankNimbostratus
Jan 16, 2020

Catch an error in iRule execution

I would like some help in handling errors in an iRule. Below is the code snippet upto which I have been able to achieve, but haven't been able to get the desired results.   when HTTP_REQUEST { ...
BIG-IP
error
iRules
security
Philippe_CLOUP's avatar
Philippe_CLOUP
Icon for Employee rankEmployee
Jan 16, 2020

Hi Akshay,

i would have created the iRule differently, as more or less, is the remoteip is not found (meaning that there is no X-Forwarded-For in your headers), you can avoid doing the "catch" and this part of the code.

Anyhow, the way i modified your code a bit is as follow:

when HTTP_REQUEST {
 
   #If XFF exists then change Source IP to the first IP that you find in XFF which is the origin. Check this at the very start.
   if { [HTTP::header values "X-Forwarded-For"] ne "" } {
       set remoteip [getfield [HTTP::header X-Forwarded-For] "," 1]
   }
 
   catch {
 
           if { [class match $remoteip equals MY_BLACKLIST_IPS] && not [class match $remoteip equals MY_PROXY_IPS] } {
               # reject the request here.
            log local0. "Request is rejected here."
            reject
            return
           }
       } my_error
    if { $my_error ne ""} then {
       log local0. "Error found in the iRule process ${my_error}"
    }
 
}

the following test provides the following logs:

curl http://MY_VS_IP:80
 
ltm log :
Rule /Common/myirule <HTTP_REQUEST>: Error found in the iRule process can't read "remoteip": no such variable
 '
-----------
 
curl -H "X-Forwarded-For: 2.3.4.5" http://MY_VS_IP:80
 
nothing in the ltm log (as expected)