Forum Discussion

Bryan_Thibodeau's avatar
Bryan_Thibodeau
Icon for Nimbostratus rankNimbostratus
Apr 10, 2017

Character not legal in expression?

Hello Everyone,

 

Thanks in advance for the help! I'm trying to use an iRule in my AP to check current sessions in progress for members of a certainn LDAP group, and then check a custom max-concurrent-sessions per that group and action accordingly. Each LDAP group gets different resources assigned as well as RDs and this iRule event is the last event before my Allow. I'm currently getting the following error when trying to save the iRule:

 

01070151:3: Rule [/Common/Limit_1_Test3_APM] error: /Common/Limit_1_Test3_APM:7: error: [parse error: PARSE syntax 405 {syntax error in expression "[ACCESS::policy result] equals 'allow' [llength $apm_cookie_...": character not legal in expressions}][{[ACCESS::policy result] equals 'allow' [llength $apm_cookie_list] >= $max_sessions}]

 

application delivery
BIG-IP Access Policy Manager (APM)
iRules
security
  • Bryan_Thibodeau's avatar
    Bryan_Thibodeau
    Icon for Nimbostratus rankNimbostratus
    Apr 10, 2017

    iRule in question:

     

    when CLIENT_ACCEPTED { ACCESS::restrict_irule_events disable } when ACCESS_POLICY_COMPLETED { set max_sessions 3 set apm_username [ACCESS::session data get session.logon.last.username] set apm_cookie_list [ ACCESS::uuid getsid "[PROFILE::access name].$apm_username" ] log local0. "[PROFILE::access name].$apm_username => session number [llength $apm_cookie_list]" if {[ACCESS::policy result] equals 'allow' [llength $apm_cookie_list] >= $max_sessions} { ACCESS::session remove ACCESS::respond 302 location "/vdesk/hangup.php3" } }

     

  • Josiah_39459's avatar
    Josiah_39459
    Historic F5 Account
    Apr 10, 2017

    this line doesn't make sense to me

     

    if {[ACCESS::policy result] equals 'allow' [llength $apm_cookie_list] >= $max_sessions}

     

    are you missing an 'and'? or what are you trying to check here with this if statement?

     

  • Cory_O's avatar
    Cory_O
    Icon for Cirrus rankCirrus
    Apr 10, 2017

    Hi Bryan,

    Consider perhaps splitting up your if statement with an AND? I'm not sure it will be able to compute all the criteria together as it is.

    Example:

    if { ([ACCESS::policy result] equals 'allow') AND ([llength $apm_cookie_list] >= $max_sessions) }

    Hope that helps...

    -Cory

  • Bryan_Thibodeau's avatar
    Bryan_Thibodeau
    Icon for Nimbostratus rankNimbostratus
    Apr 10, 2017

    Hi Josiah,

     

    I just tried an AND statement but that didn't help. The purpose of the statement is to check the list apm_cookie_list, and evaluate if more then two entries (>= 2) exists, after the Access policy result is allow.

     

    Bryan