Forum Discussion
Nimbostratusinsert X-Forwarded-Proto log TCL error
Hello,
We have iRule applied to tcp/80 VS. In it under HTTP_REQUEST there are two switch commands and the second has default statement: default { HTTP::header insert X-Forwarded-Proto http }. Log says: "TCL error: /VS/iRule-test - Operation not supported (line 7) invoked from within "HTTP::header insert X-Forwarded-Proto http" ("default" arm line 2) invoked from within "switch -glob [string tolower [HTTP::uri]] { "/xxx" - "/zzz"..." "
Will appreciate if someone clearly explain why it doesn't work?
19 Replies
TortiCirrus
did you set the Quotation Marks on the right position? HTTP::header insert "X-Forwarded-Proto" "http"
Merlin_kv_17750tried HTTP::header insert X-Forwarded-Proto http and HTTP::header insert X-Forwarded-Proto "http" result the same- nitass
Employee
"TCL error: /VS/iRule-test - Operation not supported (line 7) invoked from within "HTTP::header insert X-Forwarded-Proto http" ("default" arm line 2) invoked from within "switch -glob [string tolower [HTTP::uri]] { "/xxx" - "/zzz"..." "
i do not think the error is about command syntax.
can you post the irule?
tmsh list ltm rule (name)- Merlin_kv_17750when HTTP_REQUEST { switch -glob [string tolower [HTTP::host]] { "url1.com" - "url2.com" { HTTP::respond 301 Location "http://www.url1.com[HTTP::uri]" Cache-Control "no-cache" } } switch -glob [string tolower [HTTP::uri]] { "uri1" - "uri2" - "/uri3/*" { HTTP::respond 301 "Location" "https://[HTTP::host][HTTP::uri]" Cache-Control "no-cache" } "/uri4/xxx/*" { IP::idle_timeout 7200 set update_serverside_idle_timeout 1 log local0. "updated timeout: [IP::idle_timeout]" } default { HTTP::header insert X-Forwarded-Proto http } } } all redirection works as should, even simultaneously.
- nitass_89166
Noctilucent
"TCL error: /VS/iRule-test - Operation not supported (line 7) invoked from within "HTTP::header insert X-Forwarded-Proto http" ("default" arm line 2) invoked from within "switch -glob [string tolower [HTTP::uri]] { "/xxx" - "/zzz"..." "
i do not think the error is about command syntax.
can you post the irule?
tmsh list ltm rule (name)- Merlin_kv_17750when HTTP_REQUEST { switch -glob [string tolower [HTTP::host]] { "url1.com" - "url2.com" { HTTP::respond 301 Location "http://www.url1.com[HTTP::uri]" Cache-Control "no-cache" } } switch -glob [string tolower [HTTP::uri]] { "uri1" - "uri2" - "/uri3/*" { HTTP::respond 301 "Location" "https://[HTTP::host][HTTP::uri]" Cache-Control "no-cache" } "/uri4/xxx/*" { IP::idle_timeout 7200 set update_serverside_idle_timeout 1 log local0. "updated timeout: [IP::idle_timeout]" } default { HTTP::header insert X-Forwarded-Proto http } } } all redirection works as should, even simultaneously.
- nitass_89166
i think request matches both HTTP::respond and HTTP::header insert commands.
configuration [root@ve11c:Active:In Sync] config tmsh list ltm virtual bar ltm virtual bar { destination 172.28.24.10:80 ip-protocol tcp mask 255.255.255.255 pool foo profiles { http { } tcp { } } rules { qux } source 0.0.0.0/0 source-address-translation { type automap } vs-index 8 } [root@ve11c:Active:In Sync] config tmsh list ltm rule qux ltm rule qux { when HTTP_REQUEST { HTTP::respond 301 HTTP::header insert x http_cookie } } test [root@ve11c:Active:In Sync] config curl -I http://172.28.24.10 HTTP/1.0 301 Moved Permanently Server: BigIP Connection: Keep-Alive Content-Length: 0 /var/log/ltm [root@ve11c:Active:In Sync] config cat /var/log/ltm Jun 11 16:59:35 ve11c err tmm[10748]: 01220001:3: TCL error: /Common/qux - Operation not supported (line 1) invoked from within "HTTP::header insert x http_cookie"- Merlin_kv_17750is it possible to rewrite irule with if { both switches} and else { default action }? and to left possibility for execution both conditions simultaneously?
- nitass_89166can we just put return command after condition matches? return https://clouddocs.f5.com/api/irules/return.html
- Merlin_kv_17750do you mean return after first redirect?
- nitass
i think request matches both HTTP::respond and HTTP::header insert commands.
configuration [root@ve11c:Active:In Sync] config tmsh list ltm virtual bar ltm virtual bar { destination 172.28.24.10:80 ip-protocol tcp mask 255.255.255.255 pool foo profiles { http { } tcp { } } rules { qux } source 0.0.0.0/0 source-address-translation { type automap } vs-index 8 } [root@ve11c:Active:In Sync] config tmsh list ltm rule qux ltm rule qux { when HTTP_REQUEST { HTTP::respond 301 HTTP::header insert x http_cookie } } test [root@ve11c:Active:In Sync] config curl -I http://172.28.24.10 HTTP/1.0 301 Moved Permanently Server: BigIP Connection: Keep-Alive Content-Length: 0 /var/log/ltm [root@ve11c:Active:In Sync] config cat /var/log/ltm Jun 11 16:59:35 ve11c err tmm[10748]: 01220001:3: TCL error: /Common/qux - Operation not supported (line 1) invoked from within "HTTP::header insert x http_cookie"- Merlin_kv_17750is it possible to rewrite irule with if { both switches} and else { default action }? and to left possibility for execution both conditions simultaneously?
- nitasscan we just put return command after condition matches? return https://clouddocs.f5.com/api/irules/return.html
- Merlin_kv_17750do you mean return after first redirect?
Darren_Walker_2It says in the command documentation that the irule doesn't want to run HTTP::header insert after a HTTP::redirect: https://devcentral.f5.com/wiki/iRules.http__header.ashx
HTTP::header insert
If this command is executed after issuing the HTTP::redirect or HTTP::respond command, the F5 will become confused, generate an "Operation Not Supported" TCL error and reset the connection.
