Forum Discussion
Kevin_Leicht_51
Aug 14, 2012Nimbostratus
iRule not working since upgrading to 11.2
Apologies if a similar question has been asked and answered. I searched the forum but couldn't find anything. I have an irule that references a data group for blocking spiders by user-agent (I copied it from a rule posted previously on DevCentral). The rule is:
when HTTP_REQUEST {
if { [matchclass [HTTP::header "User-Agent"] contains $::UserAgentBlacklist ] } {
drop
return }
}
The Data Group is a string data gorup called UserAgentBlacklist with a series of entries:
80legs
snitch
Yandex
discobot
....
It worked nicely in 10.2, but after upgrading to 11.2, I'm getting:
tmm err tmm[11342]: 01220001:3: TCL error: /Common/UserAgent-Blacklist_irule - can't read "::UserAgentBlacklist": no such variable while executing "matchclass [HTTP::header "User-Agent"] contains $::UserAgentBlacklist
Any chance it's something obvious in the syntax that's changed with 11.x?
- Richard__HarlanHistoric F5 AccountYou need to convert over to class command the matchclass command is deprecated in v10. it is a easy change
- nitassEmployeee.g.
when HTTP_REQUEST { if { [class match -- [HTTP::header "User-Agent"] equals UserAgentBlacklist ] } { drop } }
- Kevin_Leicht_51NimbostratusWow, that was toooo easy. Thanks so much for the exceptionaly quick reply!! I made the change and it's working great. Cheers!
- hoolioCirrostratusIt was the $:: prefix breaking the iRule on 11.x.
when HTTP_REQUEST { if { [class match -- [string tolower [HTTP::header "User-Agent"]] equals UserAgentBlacklist ] } { drop } }
- Kevin_Leicht_51NimbostratusAhh, that's a good idea. Thanks, I'll do that.
- Jon_Strabala_46NimbostratusLet me clarify things Richard Harlan said:
backup up the config cp -p /config/bigip.conf /config/bigip.conf.sav make sure '::' only exists in iRULEs blocks grep '::' /config/bigip.conf.sav alter the syntax to 11.X CMP compliance via a sed pipeline cat /config/bigip.conf.sav | \ sed -e 's/set ::/set static::/g' | \ sed -e 's/incr ::/incr static::/g' | \ sed -e 's/info exists ::/info exists static::/g' | \ sed -e 's/\$::/$static::/g' | \ sed -e 's/\$static::g_dg/g_dg/g' > \ /tmp/bigip.conf.new Manually change old “matchclass” to new “class match” for more performance on my data groups grep 'matchclass' | grep g_dg /config/bigip.conf.new if { [matchclass [IP::client_addr] equals g_dg_handset] } { if { [matchclass [IP::client_addr] equals g_dg_other] } { if { [matchclass [IP::client_addr] equals g_dg_dongle] } { use “vi” editor alter the above to 'class match' vi /tmp/bigip.conf.new verify change grep 'class match' /config/bigip.conf if { [class match [IP::client_addr] equals g_dg_handset] } { if { [class match [IP::client_addr] equals g_dg_other] } { if { [class match [IP::client_addr] equals g_dg_dongle] } { install and make active this 10.2.0 syntax, in 11.x you need to use a tmsh command cp /tmp/bigip.conf.new /config/bigip.conf b load
- Kevin_Leicht_51NimbostratusI ended up going with:
when HTTP_REQUEST { if { [class match [string tolower [HTTP::header "User-Agent"]] contains UserAgentBlacklist ] } { drop } }
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects