Forum Discussion
NimbostratusIRULE: TCL Error when trying to invoke STREAM expression.
So recently I created a https front-end to a http application so I could put a SSO apm policy on the front-end for external entities to access the site. I then realized that the application developer's hard coded absolute links into the sites code pointing to http. So I tried putting a generic stream profile on the Virtual Server and using the irule off devcentral to rewrite the link's on the responses back to the user. However when I try to do this I receive this tcl error in the logs and it breaks my virtual server.
TCL error: /Common/http_rewrite_https - Operation not supported (line 1) invoked from within "STREAM::expression {@http://test.com@https://test.com@}"
Here is the irule that I'm using off of Devcentral.
when HTTP_REQUEST {
HTTP::header remove Accept-Encoding
STREAM::disable
}
when HTTP_RESPONSE {
if { [HTTP::header exists Location] } {
HTTP::header replace Location [string map {"http://" "https://"} [HTTP::header Location]]
}
if { [HTTP::header Content-Type] contains "text" } {
STREAM::expression {@http@https@}
STREAM::enable
}
}13 Replies
- nitass
Employee
what version are you running? is it 11.x?
What_Lies_Bene1Cirrostratus
Do you have a stream profile assigned to the VS this rule is, with no source or target strings specified?
- What_Lies_Bene1
Can you try adding 'value' to this line please;
if { [HTTP::header value Content-Type] contains "text" } { - nitass
can you try to not use apm? there is a bug in 10.x but it is already fixed in 11.x.
- nitass
sorry i know nothing about apm. anyway, i believe another guy will give you a hand. :)
by the way, this is the bug i mentioned.
sol12558: The BIG-IP APM system logs an error message when processing iRule stream events on an internal URI
https://support.f5.com/kb/en-us/solutions/public/12000/500/sol12558.html - Kevin_Stewart
That SOL made me chuckle a little. It hadn't occurred to me to use a layered VIP to fix this, and I'm not 100% convinced that it couldn't be solved without it. I do know that the problem indicated in the SOL is still there in 11.5 and that it only manifests (oddly) under certain visual policy configurations. So in any case, a layered VIP should indeed solve the issue. Put an LTM VIP on the outside, with your STREAM processing iRule, and send the traffic to an internal APM VIP. You could alternately put the APM VIP on the outside and the LTM VIP with STREAM iRule on the inside.
- giltjr
Although I am only running LTM V10 I use quotes instead of the curly brackets:
STREAM::expression "@http@https@"
- lnxgeek
MVP
I tried using the solution sol12558 (version 11.5.1) but when using Network Access it will fail, when using a LTM frontend forwarding to a APM backend virtual. What seems to work for me is using the opposite sandwich with apm as frontend and ltm as backend.
I've tried to find the course but all I could tell was that the request "GET /isession?sess=xxxxxxxxxxxxx&ipv4=yes&ipv6=yes HTTP/1.0" is truncated, or only half answered, when using a ltm frontend.
Zeeshan_Ahmad_1Do you have any other irule applied to the same virtual server?
APSame issue in 11.6. Layered VS with LTM-Steam in front also worked for me, though I'd prefer a tidier solution.
