error after adding new irule

Question

hello , we are getting below error in logs , iR_XFF_RewriteOrInsert irule was working fine before we placed new irule Http
error 
TCL error: iR_XFF_RewriteOrInsert - Operation not supported (line 4) invoked from within "HTTP::header insert X-Forwarded-For [substr [IP::client_addr] 0 "%"]&nbsp;
existing irule when HTTP_REQUEST { 
  if {[HTTP::header exists X-Forwarded-For]}{ 
    HTTP::header replace X-Forwarded-For [substr [IP::client_addr] 0 "%"] 
  } else { 
     HTTP::header insert X-Forwarded-For [substr [IP::client_addr] 0 "%"] 
  } 
 }
new irule added last week to function with existing irule
 when HTTP_REQUEST { if {([class match [IP::remote_addr] equals whitelist]) } { pool Pool_1 } else { HTTP::respond 503 content [b64decode [class element -name 0 DG_MAINTENANCE_HTML]] "Content-Type" "text/html" } }&nbsp;

kevin_stewart · Answer

First, the error should only be manifesting when the client source doesn't match your whitelist data group, where you subsequently send a 503. In the order that you have your iRules applied to the VIP (assuming new one on top), you're potentially sending a 503 response (an egress mechanism) BEFORE attempting to add a header to the ingress stream. You should be able to solve this two ways:

Re-order the iRules in your VIP configuration, or

Apply priority tags to the HTTP_REQUEST events to force a specific order, like this:
when HTTP_REQUEST priority 50 { 
    if { [HTTP::header exists X-Forwarded-For] } { 
        HTTP::header replace X-Forwarded-For [substr [IP::client_addr] 0 "%"] 
    } else { 
        HTTP::header insert X-Forwarded-For [substr [IP::client_addr] 0 "%"] 
    } 
}

when HTTP_REQUEST priority 100 { 
    if { ( [class match [IP::client_addr] equals whitelist] ) } { 
        pool Pool_1 
    } else { 
        HTTP::respond 503 content [b64decode [class element -name 0 DG_MAINTENANCE_HTML]] "Content-Type" "text/html" 
    } 
}

amit_128525 · Answer

thanks for reply Kevin I have reordered the irules but we are still recieving errors . 
Mon Jan 6 09:48:44 GMT 2014 err local/tmm3 tmm3[6222] 01220001 TCL error: iR_XFF_RewriteOrInsert  - Operation not supported (line 4) invoked from within "HTTP::header insert X-Forwarded-For [substr [IP::client_addr] 0 "%"]"&nbsp;

nitass · Answer

would you mind changing the existing irule to something like this?
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule xff
ltm rule xff {
    when HTTP_REQUEST_SEND {
  clientside {
    HTTP::header remove X-Forwarded-For
    HTTP::header insert X-Forwarded-For [substr [IP::client_addr] 0 "%"]
  }
}
}

torti · Answer

you could try "event disable all" behind the HTTP::respond
HTTP::respond 503 content [b64decode [class element -name 0 DG_MAINTENANCE_HTML]] "Content-Type" "text/html" 
event disable all

amit_128525 · Answer

its resolved with chsnging the sequence of the irules I was not doing it on all the VS earlier . Apology for time and thanks for help&nbsp;

F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

error after adding new irule

5 Replies

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

can't access on prem dns when using F5LTM as a gateway

Issue with TLS Version 1.1 Deprecated Protocol

Service discovery is not happening in AS3

Load balanced RDP VIP use in APM

Deleting an AS3 Tenant

Related Content

BIG-IQ : Error when adding device

Error post F5 upgrade

Error While Adding Peer Devices to Local Trust Domain

error code 503 redirect irule

DEVICE-0202 Error while adding rSeries as a provider in CM

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS