For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

kk1's avatar
kk1
Icon for Nimbostratus rankNimbostratus
Jun 04, 2019
Solved

iRules how can I get to custom error message?

Hi guys,

 

Please can you help with an issue I have.

 

We have a website that has certification, there is a requirement to SSL enable the communication to our website.

 

On BIG-IP LTM, we neet to limit a request up to 10 connections, if so, we want to response a custom error code "ErrCode=E91099991" .

 

However, because of not using SSL termination, we got a error message on iRules window below,

HTTP_REQUEST event in rule (/Common/rule.SITE) requires an associated HTTP or FASTHTTP profile on the virtual server (/Common/vs.SITE.HTTPS)

 

************************************************

when RULE_INIT {

  set ::active_connections_site 0

  set ::html_content "ErrCode=E91099991"

}

 

when CLIENT_ACCEPTED {

  set site_over_limit 0

  set ::site_maxConnection [class get SITE_MAX_TCP_CONNECTION]

 

  if { $::active_connections_site <= [lindex $::site_maxConnection 0] } {

  incr ::active_connections_site 1

 } else {

 set site_over_limit 1

  } 

}

 

when HTTP_REQUEST {

  if { $site_over_limit }{

   HTTP::respond 200 content $::html_content

   TCP::close

  }

}

 

when CLIENT_CLOSED {

  if { ($site_over_limit == 0) and ($::active_connections_site > 0) } {

   incr ::active_connections_site -1

  }

}

************************************************

 

SITE_MAX_TCP_CONNECTION = 10

 

 

How can I response a custom error code?

 

Any help greatly appreciated.

 

cheers,

 

Lio,

application delivery
BIG-IP
iRules
  • Lee_Sutcliffe's avatar
    Lee_Sutcliffe
    Jun 04, 2019

    Firstly, you should not be using global variables, these are prefixed with the double colon. These cause a CMP demotion

    https://support.f5.com/csp/article/K13033

    # do not set variables in the global namespace
set ::foo bar
 
# set in the local scope
set foo bar

    Additionally I would be cautious setting variables in RULE_INIT as they will only be initialised when TTM or the iRule is reloaded. As you've used global variables, $::active_connections_site will only reset to 0 under these two conditions.

    The error message you received is because you are using the event HTTP_REQUEST and attempting to use an HTTP response without an HTTP profile assigned to the virtual server . You will also need to add an client-ssl profile to the virtual server if this is using port TCP/443

    Lee

1 Reply

  • Lee_Sutcliffe's avatar
    Lee_Sutcliffe
    Icon for Nacreous rankNacreous
    Jun 04, 2019

    Firstly, you should not be using global variables, these are prefixed with the double colon. These cause a CMP demotion

    https://support.f5.com/csp/article/K13033

    # do not set variables in the global namespace
set ::foo bar
 
# set in the local scope
set foo bar

    Additionally I would be cautious setting variables in RULE_INIT as they will only be initialised when TTM or the iRule is reloaded. As you've used global variables, $::active_connections_site will only reset to 0 under these two conditions.

    The error message you received is because you are using the event HTTP_REQUEST and attempting to use an HTTP response without an HTTP profile assigned to the virtual server . You will also need to add an client-ssl profile to the virtual server if this is using port TCP/443

    Lee