Forum Discussion
NimbostratusIrule doesn't work between versions 12.1.3 and 14.0.0.3
I had an Irule that was working in version 12.1.3 when I upgraded to version 14.0.0.3 I had to remove the iRule in order for the the upgrade to be able to proceed. The error I get is 01070151:3: Rule [/Common/test_tableau] error: Unable to find value_list (/_lccc) referenced at line 6: [class match $client_ip equals /_lccc]
the /***_lccc is a datagroup that contains acceptable IP's
when HTTP_REQUEST {
set low_uri [string tolower [HTTP::uri]]
set client_ip [IP::client_addr]
rule for LCCC
if { $low_uri eq "/t/lccc/" } then {
if { [class match $client_ip equals /*****_lccc] } then {
Let the request pass...
} else {HTTP::respond 403 content "Access Denied"}
rule for wwcc
} elseif { $low_uri eq "/t/wwcc/" } then {
if { [class match $client_ip equals /*****_wwcc] } then {
Let the request pass...
} else {HTTP::respond 403 content "Access Denied"}
rule for nwccd
} elseif { $low_uri eq "/t/nwccd/" } then {
if { [class match $client_ip equals /*****_nwccd] } then {
Let the request pass...
} else {HTTP::respond 403 content "Access Denied" }
rule for base level of site (MUST HAVE ALL DATAGROUPS IN THIS RULE)
} elseif { $low_uri eq "/" } then {
if { ( [class match $client_ip equals /*****_lccc] )
or ( [class match $client_ip equals /*****_wwcc] )
or ( [class match $client_ip equals /*****_nwccd] )} then {
Let the request pass...
} else {
HTTP::respond 403 content "Access Denied"
}
} else {
Let the request pass...
}
}
Thanks!
3 Replies
I suspect the BIG-IP system is balking at the names of your datagroups. They contain some very special characters. Notice the system seems to be interpreting the name "/_lccc" as just "/_lccc" and that datagroup almost certainly does exist. (I tried creating a data group with the name "/_lccc with v14.1 and it would not save.)
Can you check to see if your datagroups are actually listed and, more importantly, can the names be changed so that they don't include special characters? In general, limiting to alphanumeric characters and dashes or underscores is the best bet.
shipszkyAltocumulus
Sorry I should have typed this a little better, I was using an asterisk to redact some info from the file, so let me re-post this a little better,
01070151:3: Rule [/Common/testtesttest] error: Unable to find value_list (/abc_lccc) referenced at line 6: [class match $client_ip equals /abc_lccc]
when HTTP_REQUEST { set low_uri [string tolower [HTTP::uri]] set client_ip [IP::client_addr] rule for LCCC if { $low_uri eq "/t/lccc/" } then { if { [class match $client_ip equals /abc_lccc] } then { Let the request pass... } else {HTTP::respond 403 content "Access Denied"} rule for wwcc } elseif { $low_uri eq "/t/wwcc/" } then { if { [class match $client_ip equals /abc_wwcc] } then { Let the request pass... } else {HTTP::respond 403 content "Access Denied"} rule for nwccd } elseif { $low_uri eq "/t/nwccd/" } then { if { [class match $client_ip equals /abc_nwccd] } then { Let the request pass... } else {HTTP::respond 403 content "Access Denied" } rule for base level of site (MUST HAVE ALL DATAGROUPS IN THIS RULE) } elseif { $low_uri eq "/" } then { if { ( [class match $client_ip equals /abc_lccc] ) or ( [class match $client_ip equals /abc_wwcc] ) or ( [class match $client_ip equals /abc_nwccd] )} then { Let the request pass... } else { HTTP::respond 403 content "Access Denied" } } else { Let the request pass... } }- boneyard
MVP
did you solve this? i still have this to check on but you might have already tackled it.
i do wonder why you use /, i can imagine /parition/, but why just / ?
