For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

rajeshgoud's avatar
rajeshgoud
Icon for Altostratus rankAltostratus
Sep 20, 2019

How to identify which iRule is vulnerable

https://support.f5.com/csp/article/K15650046   need help to generate an error in logs inase an iRule is idtefied to be vulnerable
application delivery
BIG-IP
jaikumar_f5's avatar
jaikumar_f5
Icon for Noctilucent rankNoctilucent
Sep 23, 2019

Hi Rajesh,

 

You can easily find this by running a load verify command.

 

#tmsh load sys config verify

 

When you run the above command, it will verify all the configuration files, it will particularly verify our bigip.conf file. And wherever it sees this behavior it will throw the below entries,

 

<irule_name>: warning: [use curly braces to avoid double substitution][<Part_of_ irule_in_question>]

 

It will tell you the Irule name along with the line in which it is affected. Hope this helps.

Also as explained in the article, not everything would be captured but most certainly will. As this is not a bug in the F5 or in the TCL. Its a recommendable coding practice I would say to avoid risks.