Forum Discussion
IRULE: TCL Error when trying to invoke STREAM expression.
So recently I created an https front-end to an http application so I could put an SSO APM policy on the front-end for external entities to access the site. I then realized that the application developers hard-coded absolute links into the site's code pointing to http. So I tried putting a generic stream profile on the Virtual Server and using the iRule off DevCentral to rewrite the links on the responses back to the user. However, when I try to do this I receive this Tcl error in the logs and it breaks my virtual server.
TCL error: /Common/http_rewrite_https - Operation not supported (line 1) invoked from within "STREAM::expression {@http://test.com@https://test.com@}"
Here is the irule that I'm using off of Devcentral.
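when HTTP_REQUEST {
    # Ask the server for uncompressed responses so the stream filter can match text
    HTTP::header remove Accept-Encoding
    # Do not apply the stream filter to the request payload
    STREAM::disable
}
when HTTP_RESPONSE {
    # Rewrite redirects so they point at https
    if { [HTTP::header exists Location] } {
        HTTP::header replace Location [string map {"http://" "https://"} [HTTP::header Location]]
    }
    # Only rewrite text responses
    if { [HTTP::header Content-Type] contains "text" } {
        STREAM::expression {@http@https@}
        STREAM::enable
    }
}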
13 Replies
- AP
Nimbostratus
Same issue in 11.6. Layered VS with LTM-Stream in front also worked for me, though I'd prefer a tidier solution.
- Martin_Robbins
Nimbostratus
Hello, I know this has been around a while but the single VS solution I use is to place a catch around the stream disable and only enable the stream when the policy is in the allow state using a flag:
when CLIENT_ACCEPTED {
    set disableStream 1
}
when HTTP_REQUEST {
    catch { STREAM::disable }
}
when ACCESS_ACL_ALLOWED {
    set disableStream 0
}
when HTTP_RESPONSE {
    if { $disableStream } { return }
    # : rest of STREAM code :
}
We no longer have errors, hope it helps.
- giltjr_32735
Nimbostratus
I'm fairly sure you have to disable stream in HTTP_RESPONSE if you are going to replace/update the string.
I believe that STREAM replacement is enabled in both directions (inbound on REQUEST and outbound on RESPONSE) but they are treated independently. So you have to disable on both.