Forum Discussion
NimbostratusDynamic Value iRule
NimbostratusThanks Niels for suggestions, but still can not redirect from 1st URL to 2nd URL.
I have checked use curl command and log that appear when trying to access 1st URL.
172.16.4.65 is IP of virtual server
====================================================================================
[admin@waf-dummy:Active:Changes Pending] ~ # curl -v --resolve example.com:80:192.168.1.1 https://example.com/uat/data/value
* Added example.com:80:192.168.1.1 to DNS cache
* Trying 172.16.4.65...
* Connected to example.com (172.16.4.65) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=*.example.co.id
* start date: Mar 9 09:24:19 2023 GMT
* expire date: Apr 9 09:24:18 2024 GMT
* subjectAltName: ws.jict.co.id matched
* issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign GCC R3 DV TLS CA 2020
* SSL certificate verify ok.
> GET /uat/data/value HTTP/1.1
> Host: example.com
> User-Agent: curl/7.47.1
> Accept: */*
>
* SSL read: error:00000000:lib(0):func(0):reason(0), errno 104
* Closing connection 0
curl: (56) SSL read: error:00000000:lib(0):func(0):reason(0), errno 104
[admin@waf-dummy:Active:Changes Pending] ~ # tail -f /var/log/ltm
Feb 27 09:39:36 waf-dummy err tmm2[19053]: 01220001:3: TCL error: /Common/IRULE-REDIRECT-GBOSS-DATA <HTTP_REQUEST> - Can't call after responding - ERR_NOT_SUPPORTED (line 1) invoked from within "HTTP::host"
Feb 27 09:39:36 waf-dummy err tmm3[19053]: 01220001:3: TCL error: /Common/IRULE-REDIRECT-GBOSS-DATA <HTTP_REQUEST> - Can't call after responding - ERR_NOT_SUPPORTED (line 1) invoked from within "HTTP::host"
Feb 27 09:39:36 waf-dummy err tmm[19053]: 01220001:3: TCL error: /Common/IRULE-REDIRECT-GBOSS-DATA <HTTP_REQUEST> - Can't call after responding - ERR_NOT_SUPPORTED (line 1) invoked from within "HTTP::host"
====================================================================================
is there something that I should check again?
Yes, you should disable evulation of this or other attached iRule(s) when the HTTP::respond is triggered in the (first) iRule. For more information see: https://clouddocs.f5.com/api/irules/event.html and this post: https://community.f5.com/t5/technical-articles/irules-disabling-event-processing/ta-p/277009
Also see this function: HTTP::has_responded (f5.com)
- nramadan
I have tried to add "event disable" on iRule, still got same error, is there any addition again to the iRule?
What about policies? Policies can also interfere with your existing iRule. Could you share the entire iRule and your virtual server config?
