Forum Discussion
NimbostratusMultiple redirect/respond invocations not allowed ¿¿??
Hi.
We are trying to configure/add the following irules in a vserver.
With the fist one irule we are looking for to limit concurrent user sessions using JSESSIONID cookie in our vserver. If concurrent session limit is reached (now we are testing with a limit of 5 sessions), end users are redirected to a waiting room page.
when HTTP_REQUEST {
set subtableName "limitesesiones-[virtual name]"
set sessionCookieName "JSESSIONID"
; test cookie presence
if { [HTTP::cookie exists $sessionCookieName] } {
set client_id [HTTP::cookie $sessionCookieName]
set sessiondata [table lookup -subtable $subtableName $client_id]
if { $sessiondata != "" } {
log local0. "Valid session $client_id"
return
}
}
log local0. "There is no session. Have we reach connection limit? (Max 5 Clients)"
set sessionCount [table keys -subtable $subtableName -count]
log local0. "Current session count is $sessionCount..."
if { $sessionCount < 5 } {
We arent on connection limit
Si existe la cookie if JSESSIONID cookie exist, a new entry is added on session table
if { [HTTP::cookie exists $sessionCookieName] } {
set sessionValue "[IP::client_addr]:[TCP::client_port]"
table add -subtable $subtableName $client_id $sessionValue 600
log local0. "New entry ($client_id) with $sessionValue value y Timeout 600"
}
} else {
log local0. "We are under session limit, REDIRECTED TO WAITING ROOM"
HTTP::redirect "http://[HTTP::host]/wroom/w_room.html"
}
}The second one irule is used to implement/show waiting room page, because this page is showed by LTM and main page HTML code and graph has been imported into LTM with data groups:
when HTTP_REQUEST {
set prefijo_raiz "/wroom"
if { [HTTP::uri] starts_with "$prefijo_raiz" } {
set uri [string map [list $prefijo_raiz ""] [HTTP::uri]]
log local0. "la uri es $uri"
switch -- $uri {
"/" -
"/w_room.html" {
HTTP::respond 200 content [class element -name 0 w_room_html_class] "Content-Type" "text/html" noserver
}
"/w_room_files/logo.gif" {
HTTP::respond 200 content [b64decode [class element -name 0 logo_gif_class]] "Content-Type" "image/gif" noserver
}
default {
HTTP::respond 404 content "Unrecognized request to [HTTP::uri]" "Content-Type" "text/html" noserver
}
}
return
}
}Well, when both irules are added to our vserver, session count tracking logic seems to work fine. However, when session limit is reached and redirection to waiting room has to be done, sometimes waiting room is not showed and the following error is logged in /var/log/ltm:
Apr 1 08:46:14 slot1/LTMPRE1 err tmm1[7756]: 01220001:3: TCL error: /Common/connection_limit - Operation not supported. Multiple redirect/respond invocations not allowed (line 30) invoked from within "HTTP::redirect "http://[HTTP::host]/wroom/sala_espera.html""
Anybody knows why this error is logged? Anybody could tell me what am I doing wrong?
Thanks in advance.
3 Replies
IheartF5_45022Nacreous
Hi - my first thought is that perhaps you do not have oneconnect enabled? Try enabling the oneconnect profile.
U_franco_117956Hi. Thanks for your response. Yes, oneconnect profile is enabled on our vserver.
I think that the HTTP::redirect is executed twice because the rate limit iRule section is probably added to the configuration first and, the HTTP::redirect is not terminating the HTTP_REQUEST event.
1) I would use event priorities so that the waiting room section is executed first. This ensures that if the URI is "waitingroom", no rate limiting takes place and therefore no redirect. The lower numbered priority are execute first. https://devcentral.f5.com/wiki/iRules.priority.ashx
when HTTP_REQUEST priority 100 { waiting_room_section } when HTTP_REQUEST priority 200 { rate_limit_section }2) Use a "return" or "event disable" immediately after the "HTTP::redirect".
BTW: check out this awesome iRule which is similar to what you are doing. https://devcentral.f5.com/articles/implementing-the-exponential-backoff-algorithm-to-thwart-dictionary-attacks.Uzv_0LRL-KI
HTH
