Forum Discussion

sain014_80857's avatar
sain014_80857
Icon for Nimbostratus rankNimbostratus
Aug 04, 2017

iRule Error - 'Denying user - Redirecting Userid :' found

I'm seeing the below error in our LTM as below.

 

err tmm2[12408]: 01220001:3: TCL error: /Common/Fraud_iRule - can't read "name": no such variable while executing "switch -glob -- $name { txtUserid { set userid $value } txtTok* { set deny_user 1 } }" ("foreach" body line 3) invoked from within "foreach parameter [split $parameters &] { scan $parameter {%[^=]=%s} name value switch -glob -- $name { txtUserid { set us..."

 

 

and below is the iRule which I have configured

 

when HTTP_REQUEST { if { [HTTP::method] == "POST" && [HTTP::path] contains "/bql" } { if {[HTTP::header "Content-Length"] > 5242880} { HTTP::collect 5242880 } else { HTTP::collect [HTTP::header Content-Length] } log local0. "[HTTP::uri] Content Length is [HTTP::header Content-Length]" } } when HTTP_REQUEST_DATA { log local0. "[HTTP::uri]" log local0. "[HTTP::payload]" set parameters [HTTP::payload] foreach parameter [split $parameters &] { scan $parameter {%[^=]=%s} name value switch -glob -- $name { txtUserid { set userid $value } txtTok* { set deny_user 1 } } } if { [info exists deny_user] } { log local0. "Denying user - Redirecting Userid $userid to ; HTTP::redirect https://www.test.com/Log_On_Error.htm } else { HTTP::release } }

 

Please advise.

 

iRules
LTM
security
  • JG's avatar
    JG
    Icon for Cumulonimbus rankCumulonimbus
    Aug 04, 2017

    You might want to put "scan" in a condition:

    when HTTP_REQUEST { 
    if { [HTTP::method] == "POST" && [HTTP::path] contains "/bql" } { 
        if {[HTTP::header "Content-Length"] > 5242880} { 
            HTTP::collect 5242880 
        } else { 
            HTTP::collect [HTTP::header Content-Length] 
        }
        log local0. "[HTTP::uri] Content Length is [HTTP::header Content-Length]"
    }   
}   

when HTTP_REQUEST_DATA { 
    log local0. "[HTTP::uri]" 
    log local0. "[HTTP::payload]" 
    set parameters [HTTP::payload] 

    foreach parameter [split $parameters &] { 
        if { [scan $parameter {%[^=]=%s} name value] == 2 } {
            switch -glob -- $name { 
                txtUserid { 
                    set userid $value     
                }   
                txtTok* { 
                    set deny_user 1
                }   
            }
        }
    }   

    if { [info exists deny_user] } { 
        log local0. "Denying user - Redirecting Userid $userid to https://www.test.com/Log_On_Error.htm"; 
        HTTP::redirect https://www.test.com/Log_On_Error.htm 
    } else { 
        HTTP::release 
    }
}