For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

dhaval_24359's avatar
dhaval_24359
Icon for Nimbostratus rankNimbostratus
Dec 16, 2008

event disable doesn't seem to disable Rule Processsing

  iRule "event disable" command doesn't seem to be working as described in the documentation.     From our understanding, when "event disable" is called for a specific event, no furthe...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Dec 17, 2008
Hi Dhaval ,

Can you add logging to the rules and post the log output? In a simple test with priority and event disable the result was okay: 

 
 rule event_disable_rule { 
    when HTTP_REQUEST priority 100 { 
       log local0. "Priority 100" 
       event disable all 
    } 
    when HTTP_REQUEST priority 200 { 
       log local0. "Priority 200" 
    } 
 } 
 

 
 rule event_disable2_rule { 
    when HTTP_REQUEST priority 201 { 
       log local0. "Priority 201" 
    } 
 }

Log output:

Dec 17 12:27:07 tmm tmm[1810]: Rule event_disable_rule : Priority 100

As expected, event disable prevents the second and third log statements from executing.

Also, you should be wary of taking any value from the host header and inserting it in a response header. This could be used in HTTP response splitting attacks (Click here).

Aaron