JoeTheFifth
Mar 05, 2012

iRule Newbieee question

Hi Guys,

I'm using the iRule mentioned here:

http://support.f5.com/kb/en-us/products/big-ip_ltm/releasenotes/product/relnotes_ve_10_1_0.htmlbigip_restrict

    rule target_server_ssl {
       when CLIENT_ACCEPTED {
          virtual server_ssl_test
       }
    }
    pool b68_https { member 10.1.1.68:4443 }
    virtual client_ssl_test {
       destination 10.1.1.117:443
       profile http clientssl tcp
       rule target_server_ssl
    }
    virtual server_ssl_test {
       destination 10.1.1.117:443
       profile http serverssl tcp
       pool b68_https
       vlan none enable
    }

and it's giving me errors even on line 1. I modified the errors with my IP addresses.

01070151:3: Rule [FullSLL_WiorkAround_redirect] error: line 1: [undefined procedure: rule] [rule target_server_ssl { when CLIENT_ACCEPTED { virtual server_ssl_test } }] line 6: [command is not valid in the current scope] [pool b68_https { member 192.168.0.12:443 }] line 7: [command is not valid in the current scope] [virtual client_ssl_test { destination 192.168.6.99:443 profile http clientssl tcp rule target_server_ssl }] line 12: [command is not valid in the current scope] [virtual server_ssl_test { destination 192.168.6.99:443 profile http serverssl tcp pool b68_https vlan none enable }]

2 Replies

  • hoolio
    Hi Joe,

    This is the iRule portion you'd enter in the GUI when creating a new iRule:

        when CLIENT_ACCEPTED { virtual server_ssl_test }

    The rest is defining a pool, and two virtual servers. If you wanted to run these commands via the CLI, you could use these separate commands:

        rule target_server_ssl { when CLIENT_ACCEPTED { virtual server_ssl_test } }
        pool b68_https { member 10.1.1.68:4443 }
        virtual client_ssl_test { destination 10.1.1.117:443 profile http clientssl tcp rule target_server_ssl }
        virtual server_ssl_test { destination 10.1.1.117:443 profile http serverssl tcp pool b68_https vlan none enable }
        b save

    But instead of working around a trial version SSL limitation, I'd encourage you to get in touch with an F5 or partner SE and get a 45 day eval key for the LTM VE lab edition. This will allow you to run all the TMM modules and not deal with the trial version limitation.

    Aaron
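
The split described in the reply above, as an added example that is not part of the original thread or of any F5 tooling: a small Python parser that separates the release-note fragment into its top-level objects and returns only the Tcl that belongs in the iRule editor. The multi-line layout of the fragment is constructed from the form quoted in the thread, and the function names are hypothetical.

```python
"""Split a bigip.conf-style fragment into its top-level objects (added example)."""

# Constructed sample: the fragment quoted in the thread, laid out on several lines.
FRAGMENT = """\
rule target_server_ssl {
   when CLIENT_ACCEPTED {
      virtual server_ssl_test
   }
}
pool b68_https { member 10.1.1.68:4443 }
virtual client_ssl_test {
   destination 10.1.1.117:443
   profile http clientssl tcp
   rule target_server_ssl
}
virtual server_ssl_test {
   destination 10.1.1.117:443
   profile http serverssl tcp
   pool b68_https
   vlan none enable
}
"""


def split_objects(text):
    """Return [(kind, name, body)] for each top-level `kind name { body }` block."""
    objects, pos = [], 0
    while True:
        open_at = text.find("{", pos)
        if open_at == -1:
            return objects
        header = text[pos:open_at].split()
        if len(header) != 2:
            raise ValueError(f"expected 'kind name' before '{{', got {header!r}")
        depth, i = 1, open_at + 1
        while depth and i < len(text):  # plain brace counting; Tcl quoting is ignored
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        if depth:
            raise ValueError(f"unbalanced braces in {' '.join(header)}")
        body = " ".join(text[open_at + 1:i - 1].split())
        objects.append((header[0], header[1], body))
        pos = i


def irule_bodies(text):
    """Map rule name -> the Tcl that belongs in the iRule editor."""
    return {name: body for kind, name, body in split_objects(text) if kind == "rule"}
```

Everything `split_objects` returns with a kind other than `rule` is configuration, which is why the iRule editor rejected those lines with "command is not valid in the current scope".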