iRule error - bad IP address format (line x)
I just deployed this irule:
when HTTP_REQUEST {
    if { [HTTP::header exists "X-Forwarded-For"] } {
        set client_ip [HTTP::header value "X-Forwarded-For"]
        set fromCountry [whereis $client_ip country]
        if { ( [class match $fromCountry equals Blocked_Countries]) } {
            drop
        }
    }
}
And I'm getting this error in /var/log/ltm:
TCL error: /parition1/BlockedCoun_XFF <HTTP_REQUEST> - bad IP address format (line 2) invoked from within "whereis $client_ip country"
TCL error: /parition1/BlockedCoun_XFF <HTTP_REQUEST> - bad IP address format (line 3) invoked from within "whereis $client_ip country"
I saw this article, but I am not sure how to implement it in my iRule:
https://support.f5.com/csp/article/K15450552
Could you please advise on this?
Thanks
Here the X-Forwarded-For value is coming in as a string and you are changing it to IP:Addr; that is the reason you are getting the error.
TCL error: /parition1/BlockedCoun_XFF <HTTP_REQUEST> - bad IP address format (line 2) invoked from within "whereis $client_ip country"
TCL error: /parition1/BlockedCoun_XFF <HTTP_REQUEST> - bad IP address format (line 3) invoked from within "whereis $client_ip country"
The iRule below has not been tested, but try it:
when HTTP_REQUEST {
    if { [HTTP::header exists "X-Forwarded-For"] } {
        set client_ip [HTTP::header insert X-Forwarded-For]
        log local0. "$client_ip"
        set fromCountry [whereis $client_ip country]
        if { ( [class match $fromCountry equals Blocked_Countries]) } {
            drop
        }
    }
}
- Abed_AL-RCirrostratus
Hi Samir
The irule I used is mentioned here, and I just copied it
https://support.f5.com/csp/article/K43383890
It is working fine, but only sometimes it is dropping this error.
I will try your solution and update you
Update #2: I tried your iRule; it is dropping the error I mentioned all the time. So it did not solve the issue.
Update#3 : I also tried the ASKF5 team recommendation:
set fromCountry [whereis [IP::addr $client_ip mask "255.255.255.255"] country]
But it did not work out. The error still shows up sometimes in the CLI:
TCL error: /parition/irule_XFF <HTTP_REQUEST> - bad IP address format (line 1) invoked from within "IP::addr $client_ip mask "255.255.255.255""
I will try to contact F5 support to check if they can help with this.
- T-TrustCirrostratus
Hi Abed_AL-R,
I hope this test result will help you. I think this case requires 2 steps:
1. We have to update the geo-database from F5. Please refer to the link below:
https://cloud-ttrust.com/f5-how-to-install-and-update-ip-geolocation-database/
2. Please follow the steps at the link below for an iRule that checks X-Forwarded-For and queries the geo-database to check for blacklisted countries:
https://cloud-ttrust.com/f5-irules-check-http-x-forward-for-and-country/
Thank you
- Abed_AL-RCirrostratus
This is basically the same irule I was using
And our GeoLocation database is up to date. I updated it last week.
- Abed_AL-RCirrostratus
If anyone is still interested,
this is the F5 TAC answer:
'X-Forwarded-For' can have two different IPs (to be fair, it can have any value, there are no restrictions):
This is an example where there are two IPs:
Jun 27 15:08:57 BigIP info tmm2[15377]: Rule /partition1/iRule_1 <HTTP_REQUEST>: Bad IP address format for IP: 77.124.162.82, 66.249.81.254
And this is an example of an attempt to use Log4j (I deleted the Log4j command because the forum security settings won't let me):
Jun 27 15:10:34 slot2 info tmm6[4764]: Rule /partition1/iRule1 <HTTP_REQUEST>: Bad IP address format for IP: ...xforwardedfor.caspq8k5fu0ihqo00010b8g4moc5isrqx.oast.pro}, 95.181.161.126
We caught those values after we added these lines to the iRule:
if { [catch { whereis [IP::addr $client_ip mask "255.255.255.255"] country } errText] } {
    log local0. "Bad IP address format for IP: $client_ip"
    drop
}
Good Luck
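Following the TAC finding above, here is an added example (not code from the thread, F5 support, or the linked articles) that treats X-Forwarded-For as a list of untrusted strings and validates each comma-separated entry before calling whereis. Checking every entry, dropping on the first invalid one, and the 64-character log limit are assumptions of this example; Blocked_Countries is the data group from the original iRule.

```tcl
when HTTP_REQUEST {
    # X-Forwarded-For is client-controlled text: the header may repeat,
    # carry a comma-separated chain of addresses, or hold arbitrary strings.
    foreach xff_value [HTTP::header values "X-Forwarded-For"] {
        foreach entry [split $xff_value ","] {
            set entry [string trim $entry]
            if { $entry eq "" } { continue }

            # Same validation call the thread uses; it raises a Tcl error
            # for anything that is not a single IP address.
            if { [catch { set ip [IP::addr $entry mask 255.255.255.255] }] } {
                # Log a bounded, printable-only copy of the untrusted value
                # (assumed policy: 64 characters, non-printables become "?").
                regsub -all {[^[:print:]]} [string range $entry 0 63] "?" shown
                log local0. "XFF entry is not an IP address: $shown"
                drop
                return
            }

            # Only a validated address reaches the geolocation lookup.
            set fromCountry [whereis $ip country]
            if { [class match $fromCountry equals Blocked_Countries] } {
                log local0. "Blocked country $fromCountry for XFF entry $ip"
                drop
                return
            }
        }
    }
}
```

Because the header is set by whoever sends the request, a geolocation decision based on it is only as reliable as the upstream proxy that writes or overwrites it.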