For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

SV2022's avatar
SV2022
Icon for Cirrus rankCirrus
Feb 21, 2024
Solved

Irule Table lookup

when http request{

 set tls_cache_table "tls_cache_[virtual name]_[IP::client_addr]_[SSL::sessionid]

[table lookup $tls_cache_table] == 1 }{
        set tlsenforce_allow 1

}

i have not posted the complete URL

i suppose the output for set would be tls_cache_example_vs_192.168.1.100_abcd1234.

but in next line i could see we have a lookup for the above output with value = 1.

 

what does it mean 

irule
  • Niels_van_Sluis's avatar
    Niels_van_Sluis
    Feb 25, 2024

    It checks if there if $tls_cache_table is equal to 1.

    Check the example iRule below.

    when HTTP_REQUEST {
    set entry "entry_1"
    set entry2 "entry_2"
    
    # add entry2 to table
    table set $entry 1
    table set $entry2 "somevalue"

    if { [table lookup $entry] == 1 }{
        log local0. "Entry $entry found and equals 1"
    }
    else {
        log local0. "Entry $entry not found or doesn't equal 1"
    }
    
    if { [table lookup $entry2] == 1 }{
        log local0. "Entry $entry2 found and equals 1"
    }
    else {
        log local0. "Entry $entry2 not found or doesn't equal 1"
    }
}

    And the below output.

    Feb 25 10:46:24 bigipa info tmm[11337]: Rule /Common/irule_table <HTTP_REQUEST>: Entry entry_1 found and equals 1
Feb 25 10:46:24 bigipa info tmm[11337]: Rule /Common/irule_table <HTTP_REQUEST>: Entry entry_2 not found or doesn't equal 1

2 Replies

  • Niels_van_Sluis's avatar
    Niels_van_Sluis
    Icon for MVP rankMVP
    Feb 25, 2024

    It checks if there if $tls_cache_table is equal to 1.

    Check the example iRule below.

    when HTTP_REQUEST {
    set entry "entry_1"
    set entry2 "entry_2"
    
    # add entry2 to table
    table set $entry 1
    table set $entry2 "somevalue"

    if { [table lookup $entry] == 1 }{
        log local0. "Entry $entry found and equals 1"
    }
    else {
        log local0. "Entry $entry not found or doesn't equal 1"
    }
    
    if { [table lookup $entry2] == 1 }{
        log local0. "Entry $entry2 found and equals 1"
    }
    else {
        log local0. "Entry $entry2 not found or doesn't equal 1"
    }
}

    And the below output.

    Feb 25 10:46:24 bigipa info tmm[11337]: Rule /Common/irule_table <HTTP_REQUEST>: Entry entry_1 found and equals 1
Feb 25 10:46:24 bigipa info tmm[11337]: Rule /Common/irule_table <HTTP_REQUEST>: Entry entry_2 not found or doesn't equal 1
    • SV2022's avatar
      SV2022
      Icon for Cirrus rankCirrus
      Feb 25, 2024

      Hi ,

       

      thank you.. i do not see table set in out irule.so i don't think it is actually functioning.

      what if there are 2 events in single irule client_accepted and followed by HTTP_Request in single irule.

      when clinet_accepted{

      }

      Priority 10

      when HTTP_request

      {

      }

       

      which will be executed first? .I have an understanding that priority will work only when we have multiple irules in single VS and it will not work within a single IRULE