Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

Mack_Hanson_107's avatar
Mack_Hanson_107
Icon for Nimbostratus rankNimbostratus
Oct 26, 2005

Error Handling, Test condition for variables

Is there some way to trap errors, so that the end-user doesn't experience pain? Whenever I refer to variable that isn't yet instantiated, BIGIP returns null, which in browser results in a JavaScript p...
application delivery
dev
devops
irules
Joe_Pruitt's avatar
Joe_Pruitt
Oct 26, 2005
There are several ways you can avoid this runtime error from occuring.

1. Force set the variable to an empty string in the HTTP_REQUEST event and check if it's not an empty string in the HTTP_RESPONSE event.

when HTTP_REQUEST {
  set uri_path         [HTTP::uri]
  set sslsessionid ""
  if {[regexp {^(/login)(.)*?$} $uri_path] == 1} {  
     set ssl session id, in the website login section
    set sslsessionid [SSL::sessionid]
  }  
}
when HTTP_RESPONSE {
  retrieve previously stored ssl session id, from any website section
  if { "" ne $sslsessionid } {
    set sslid [session lookup ssl $sslsessionid]
  }
}

2. Use the "info exists" command to check if the variable is defined before trying to access it.

when HTTP_REQUEST {
  set uri_path         [HTTP::uri]
  if {[regexp {^(/login)(.)*?$} $uri_path] == 1} {  
     set ssl session id, in the website login section
    set sslsessionid [SSL::sessionid]
  }  
}
when HTTP_RESPONSE {
  retrieve previously stored ssl session id, from any website section
  if { [info exists sslsessionid] and {"" ne $sslsessionid} } {
    set sslid [session lookup ssl $sslsessionid]
  }
}

The later is probably more optimal as it doesn't require the variable to be initialized every connection.

Also, I threw in an extra check for an empty string in there just to be safe.

You can get the docs on the "info exists" command in the TCL Reference manual at SourceForge

http://tmml.sourceforge.net/doc/tcl/

Click here

-Joe