Forum Discussion

RiverFish's avatar
RiverFish
Icon for Altostratus rankAltostratus
Dec 20, 2019

iRule error: Bad IP address format

I'm using the following iRule and getting the error below. In the second log entry you can see the fqdn is there but the IP is missing after the "and":

Dec 20 19:47:25 slot2/USEMC-APNADC001 info tmm2[20236]: Rule /Common/sitesender-header-whitelist <CLIENT_ACCEPTED>: Client 10.12.6.3 is allowed

Dec 20 19:47:25 slot2/USEMC-APNADC001 info tmm2[20236]: Rule /Common/sitesender-header-whitelist <HTTP_REQUEST>: HTTP request FQDN and dst IP: controlbiz.us.lvm.com and 

Dec 20 19:47:25 slot2/USEMC-APNADC001 err tmm2[20236]: 01220001:3: TCL error: /Common/sitesender-header-whitelist <HTTP_REQUEST> - bad IP address format (line 1)   invoked from within "node $ip 443"

when CLIENT_ACCEPTED {
  if { [class match [IP::client_addr] eq "sitesender-nifi-whitelist" ] }{
     log local0. "Client [IP::client_addr] is allowed"
    return
  } else {
     log local0. "Client [IP::client_addr] was dropped"
    drop
  }
}
when HTTP_REQUEST {
if { [HTTP::header exists "X-DEST-FQDN"] } {
    set fqdn [HTTP::header "X-DEST-FQDN"]
    set ip [RESOLV::lookup -a $fqdn]    
    log local0. "HTTP request FQDN and dst IP: $fqdn and $ip"
    node $ip 443
} else {
    log local0. "No X-DEST-FQDN header found"
    drop
    return
} 
}
  • JG's avatar
    JG
    Icon for Cumulonimbus rankCumulonimbus

    You might want to validate the value of the header first before trying to resolve it.