Forum Discussion
Kenji_Matsuura_
Nimbostratus
NimbostratusiRule to insert cookie when there is external site cookie on the APM
Hi,all
I've created a iRule such as the following.
- Check wheter there is "SMSESSION" Cookie.
- If there is "SMSESSION" Cookie, Insert the same Cookie at the time of the Portal Access.
It was successful in the insert of Cookie, but an error such as the following appeared on the /var/log/ltm.
Oct 24 16:38:36 ra-bip2000s-test err tmm[9529]: 01220001:3: TCL error: /Common/a_sap - Illegal argument. Can't execute in the current context. (line 1) invoked from within "HTTP::header insert "Cookie" "SMSESSION=$ca_auth""
Please verify the below irule and advise me for any modification.
when CLIENT_ACCEPTED {
ACCESS::restrict_irule_events disable
}
when HTTP_REQUEST {
if { ( [HTTP::cookie exists SMSESSION] ) } {
set ca_auth [findstr [HTTP::header cookie] "SMSESSION=" "10" ";"]
set ca_flag 1
} else {
set ca_flag 0
}
}
when REWRITE_REQUEST_DONE {
if { $ca_flag == 1 } {
HTTP::header insert "Cookie" "SMSESSION=$ca_auth"}}
Regards,
9 Replies
kunjanCouldn't find anything incorrect in the iRule and in my test as well it works fine.
Which version are you trying? Try a simple iRule to see if the err still occurs
when REWRITE_REQUEST_DONE { HTTP::header insert "Cookie" "SMSESSION=10" }
Kenji_Matsuura_Thank you fou your help, kunjan. I'm using APM version 11.4.1HF5. I tried your iRule, but error occurred. The error does not always occur , it occurs at the time of access to a particular site. Is there any other way to insert the cookie at the time of Portal Access? Regards,
kunjan_118660Cumulonimbus
Couldn't find anything incorrect in the iRule and in my test as well it works fine.
Which version are you trying? Try a simple iRule to see if the err still occurs
when REWRITE_REQUEST_DONE { HTTP::header insert "Cookie" "SMSESSION=10" }- Kenji_Matsuura_Thank you fou your help, kunjan. I'm using APM version 11.4.1HF5. I tried your iRule, but error occurred. The error does not always occur , it occurs at the time of access to a particular site. Is there any other way to insert the cookie at the time of Portal Access? Regards,
- kunjan_118660
Not sure why the error, may be can try replace instead and also some logging to see what so unique here:
when REWRITE_REQUEST_DONE { log local0. "Request URI = [HTTP::uri]" foreach x [HTTP::header names] { log local0. "Request header($x) = [HTTP::header $x]" } HTTP::header replace "Cookie" "SMSESSION=10" }- Kenji_Matsuura_Unfortunately, the error still occured. Error is as follows. *Such as IP Address is different from the actual. (100.100.100.100 is APM, 200.200.200.200 is target of Portal Access) In addition, because the Cookie other than SMSESSION to use, "Cookie replace" is not available. I think that there is a bug in the "REWRITE_REQUEST_DONE". Is there any other way? --------------------------------------------------------------------------------------------------------------- Oct 25 19:28:08 apm info tmm[9526]: Rule /Common/test : Request URI = /xxx.js?AAAAAAAAAA Oct 25 19:28:08 apm info tmm[9526]: Rule /Common/test : Request header(Accept) = */* Oct 25 19:28:08 apm info tmm[9526]: Rule /Common/test : Request header(Accept-Language) = ja-JP,en;q=0.7,zh-CN;q=0.3 Oct 25 19:28:08 apm info tmm[9526]: Rule /Common/test : Request header(Referer) = https://test/xxx Oct 25 19:28:08 apm info tmm[9526]: Rule /Common/test : Request header(User-Agent) = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; Oct 25 19:28:08 apm info tmm[9526]: Rule /Common/test : Request header(Host) = test Oct 25 19:28:08 apm info tmm[9526]: Rule /Common/test : Request header(Connection) = Keep-Alive Oct 25 19:28:08 apm info tmm[9526]: Rule /Common/test : Request header(session-id) = 00891ef2 Oct 25 19:28:08 apm info tmm[9526]: Rule /Common/test : Request header(session-key) = f842ca4f07d174e8c147b28300891ef2 Oct 25 19:28:08 apm info tmm[9526]: Rule /Common/test : Request header(username) = testuser Oct 25 19:28:08 apm info tmm[9526]: Rule /Common/test : Request header(Cookie) = SMSESSION=KRE0kMe1hYqqxTIKL366D9T3Qb9wEsvR5nc9b0gwQCSH8O Oct 25 19:28:08 apm err tmm[9526]: 01220001:3: TCL error: /Common/test - Illegal argument. Can't execute in the current context. (line 1) invoked from within "HTTP::uri" Oct 25 19:28:08 apm err tmm[9526]: 01230140:3: RST sent from 100.100.100.100:22629 to 200.200.200.200, [0x1897b4b:1290] {peer} iRule execution error Oct 25 19:28:08 apm err tmm[9526]: 01230140:3: RST sent from 100.100.100.100:22629 to 200.200.200.200, [0x1892ed2:1379] TCP 3WHS rejected Oct 25 19:28:08 apm err tmm[9526]: 01230140:3: RST sent from 100.100.100.100:22629 to 200.200.200.200, [0x1892ed2:1379] TCP 3WHS rejected ---------------------------------------------------------------------------------------------------------------
- kunjan
Not sure why the error, may be can try replace instead and also some logging to see what so unique here:
when REWRITE_REQUEST_DONE { log local0. "Request URI = [HTTP::uri]" foreach x [HTTP::header names] { log local0. "Request header($x) = [HTTP::header $x]" } HTTP::header replace "Cookie" "SMSESSION=10" }- Kenji_Matsuura_Unfortunately, the error still occured. Error is as follows. *Such as IP Address is different from the actual. (100.100.100.100 is APM, 200.200.200.200 is target of Portal Access) In addition, because the Cookie other than SMSESSION to use, "Cookie replace" is not available. I think that there is a bug in the "REWRITE_REQUEST_DONE". Is there any other way? --------------------------------------------------------------------------------------------------------------- Oct 25 19:28:08 apm info tmm[9526]: Rule /Common/test : Request URI = /xxx.js?AAAAAAAAAA Oct 25 19:28:08 apm info tmm[9526]: Rule /Common/test : Request header(Accept) = */* Oct 25 19:28:08 apm info tmm[9526]: Rule /Common/test : Request header(Accept-Language) = ja-JP,en;q=0.7,zh-CN;q=0.3 Oct 25 19:28:08 apm info tmm[9526]: Rule /Common/test : Request header(Referer) = https://test/xxx Oct 25 19:28:08 apm info tmm[9526]: Rule /Common/test : Request header(User-Agent) = Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; Oct 25 19:28:08 apm info tmm[9526]: Rule /Common/test : Request header(Host) = test Oct 25 19:28:08 apm info tmm[9526]: Rule /Common/test : Request header(Connection) = Keep-Alive Oct 25 19:28:08 apm info tmm[9526]: Rule /Common/test : Request header(session-id) = 00891ef2 Oct 25 19:28:08 apm info tmm[9526]: Rule /Common/test : Request header(session-key) = f842ca4f07d174e8c147b28300891ef2 Oct 25 19:28:08 apm info tmm[9526]: Rule /Common/test : Request header(username) = testuser Oct 25 19:28:08 apm info tmm[9526]: Rule /Common/test : Request header(Cookie) = SMSESSION=KRE0kMe1hYqqxTIKL366D9T3Qb9wEsvR5nc9b0gwQCSH8O Oct 25 19:28:08 apm err tmm[9526]: 01220001:3: TCL error: /Common/test - Illegal argument. Can't execute in the current context. (line 1) invoked from within "HTTP::uri" Oct 25 19:28:08 apm err tmm[9526]: 01230140:3: RST sent from 100.100.100.100:22629 to 200.200.200.200, [0x1897b4b:1290] {peer} iRule execution error Oct 25 19:28:08 apm err tmm[9526]: 01230140:3: RST sent from 100.100.100.100:22629 to 200.200.200.200, [0x1892ed2:1379] TCP 3WHS rejected Oct 25 19:28:08 apm err tmm[9526]: 01230140:3: RST sent from 100.100.100.100:22629 to 200.200.200.200, [0x1892ed2:1379] TCP 3WHS rejected ---------------------------------------------------------------------------------------------------------------
- kunjan
How does the logs look like when the iRule execution is good? 'replace' option suggested is just for testing to see if the problem if it is due to 'insert.'
