Forum Discussion

Cirrus

Jul 12, 2018

Connections to pool are failing when iRule is applied

Hi guys, I have a strange issue going on a production F5. This iRule was running fine until people started to report that the Pool members are not getting any traffic. I quickly removed the follo...

application delivery

LTM

Lee_Sutcliffe

Nacreous

Jul 12, 2018

I have had experiences of variables set in CLIENTSSL_CLIENTCERT not being available in HTTP_REQUEST, especially if the client SSL profile doesn't always require the certificate. It's usual to write these values to the session table in these types of requests to avoid this issue. I can advise on this if it's something you'd like help with.

For now, try changing your HTTP_REQUEST event to this to check if the $cn variable exists before trying to use it as your iRule may be generating a TCL error.

when HTTP_REQUEST {
    if {([info exists cn]) && ($cn ne "")} {
        HTTP::header insert "X-dev" $cn
        if { $static::XDEV_DEBUG_LOCAL } { 
            log local0. "INSERTED XDEV-HEADER for client [IP::client_addr]: $cn"}
        if { $static::XDEV_DEBUG_REMOTE } { 
            HSL::send $hsl "INSERTED XDEV-HEADER for client [IP::client_addr]: $cn"}
    } else {
        log local0. "cn variable does not exist, header not inserted"
    }
}

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)