How to identify which iRule is vulnerable

Question

https://support.f5.com/csp/article/K15650046 &nbsp;need help to generate an error in logs inase an iRule is idtefied to be vulnerable

jaikumar_f5 · Answer

Hi Rajesh,&nbsp;You can easily find this by running a load verify command.&nbsp;#tmsh load sys config verify&nbsp;When you run the above command, it will verify all the configuration files, it will particularly verify our bigip.conf file. And wherever it sees this behavior it will throw the below entries,&nbsp;&lt;irule_name&gt;: warning: [use curly braces to avoid double substitution][&lt;Part_of_ irule_in_question&gt;].&nbsp;&nbsp;It will tell you the Irule name along with the line in which it is affected. Hope this helps.Also as explained in the article, not everything would be captured but most certainly will. As this is not a bug in the F5 or in the TCL. Its a recommendable coding practice I would say to avoid risks.

rajeshgoud · Answer

Is there any other way to alert in case there is a iRule error use curly braces to avoid double substitution

Forum Discussion

How to identify which iRule is vulnerable

2 Replies

AppWorld Berlin iRules Contest!

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

Recent Discussions

TCPDUMP in BigIP for traffic coming from distrbuited cloud.

Catch Dynamic CRL Errors and Return Friendly Page

Bot Defense causing a lot of false positives

CPU load when Prometheus is scraping metrics from F5 BIG-IP LTM

Adding my Product and support to bigF5 account

Related Content

OpenSSH vulnerability

Mitigating Log4j Vulnerability using F5 BIG-IP

BYOEDR, Undetectable backdoor, WhoFi, Cyberattack to airline, and Clickjacking vulnerability

Coordinated Vulnerability Disclosure: A Balanced Approach

ImageTragick - ImageMagick Remote Code Execution Vulnerability

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS