Forum Discussion

TNY_122436's avatar
TNY_122436
Icon for Nimbostratus rankNimbostratus
Jul 05, 2013

Http Trace Deny

Hi, I'm trying to upgrade version 10 to 11 but there is an error pointing back to an irule that is causing an upgrade failure. I've then since taken the irule out but trying to paste it back but it returns me this error. Does anyone know what is causing this error?

 

Error:

 

01070151:3: Rule [/Common/HTTP_trace_deny] error: Unable to find value_list (sec_http_methods) referenced at line 12: [matchclass [HTTP::method] equals $::sec_http_methods]

 

iRule:

 

 

when RULE_INIT {

 

set sec_http_methods [list "CONNECT" "DELETE" "HEAD" "OPTIONS" "PUT" "TRACE"]

 

}

 

 

when HTTP_REQUEST {

 

if { [matchclass [HTTP::method] equals $::sec_http_methods] } {

 

reject

 

}

 

}

 

application delivery
dev
devops
iRules

3 Replies

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Jul 05, 2013
    You've set a non-CMP local variable in RULE_INIT and trying to access it like a global variable. Try this: 

    
when RULE_INIT {
  set static::sec_http_methods [list "CONNECT" "DELETE" "HEAD" "OPTIONS" "PUT" "TRACE"]
}
when HTTP_REQUEST {
  if { [lsearch $static::sec_http_methods [HTTP::method]] ne -1 } {
    reject
  }
}

    You're also evaluating a list element, so you should use a list function (lsearch).

  • TNY_122436's avatar
    TNY_122436
    Icon for Nimbostratus rankNimbostratus
    Jul 05, 2013

    Thanks Kevin. Your code seems to work fine. The weird thing is we have another F5 guest on the same code version and the original irule seems to be working there.