Forum Discussion
New iRule Warnings with BIG-IP 12.0.0
I just upgraded to BIG-IP 12 from version 11.5.3. It seems that mcpd now throws morning warning and validation messages than before:
/Common/TST-IHS-Access-Rule:276: warning: [The following errors were not caught before. Please correct the script in order to avoid future disruption. "unexpected token(s): ' X-AO-ssodbg 4'"16199 300][ACCESS::respond 200 content " 1740 Access has been denied with the username and password that were entered. " Content-Type "text/xml;charset=ISO-8859-1" X-AO-ssodbg 4]
/Common/TST-IHS-Access-Rule:285: warning: [The following errors were not caught before. Please correct the script in order to avoid future disruption. "unexpected token(s): ' X-AO-ssodbg 6'"17216 79][ACCESS::respond 401 WWW-Authenticate "Basic realm=\"foobar.com\"" X-AO-ssodbg 6]
Since under prior release this iRule works perfectly fine, I don't understand that the unexpected token(s) phrase is error on. Specifically what are the integer values after the X-AO-ssodbg 4 and X-AO-ssodbg 6?
Here are the source lines from the iRule that match this error message:
276:
ACCESS::respond 200 content " 1740 Access has been denied with the username and password that were entered. " Content-Type "text/xml;charset=ISO-8859-1" X-AO-ssodbg 4
285:
ACCESS::respond 401 WWW-Authenticate "Basic realm=\"foobar.com\"" X-AO-ssodbg 6
5 Replies
Hi Walther,
X-AO-ssodbg 4 and X-AO-ssodbg 6 are both custom HTTP headers which where implemented by the developer of this iRule.
I guess the integers are refering to the well knwon severity level? But only the autor knows for sure...
Severity 4 = Warning (aka. Access Denied) Severity 6 = Informational (aka. Login Required)
You could probably stop the log entries by changing the code to "X-AO-ssodbg" "4" and "X-AO-ssodbg" "6". Or if those debugs lines are not required anymore, then simply remove them... 😉
Cheers, Kai
- Walter_Kacynski
Cirrostratus
I wrote this rule and the value of X-AO-ssodbg does not matter syntactically. I tried quoting the value and the header name itself and there is no change. I have this same syntax used in multiple places in the irule and it only throws a warning on these two lines. I tried removing the hyphens and still no change.
- Walter_Kacynski
Cirrostratus
This is a bug with ACCESS::respond only in that version 12.0.0 is only allowing for a single HTTP header to be inserted. This is being tracked as BUG ID 572519
- Nicolas_COLLET
Nimbostratus
Hi,
I have the same warning message in BIG IP v13.0 HF2 :
warning: [The following errors were not caught before. Please correct the script in order to avoid future disruption. "unexpected token(s) at NO.4 argument"1407 163][ACCESS::respond 403 -version "1.1" "Access-Control-Allow-Origin" [HTTP::header "Origin"] \ "Access-Control-Allow-Credentials" "true"]
I try to do this :
ACCESS::respond 403 -version "1.1" "Access-Control-Allow-Origin" [HTTP::header "Origin"] \ "Access-Control-Allow-Credentials" "true"
But apparently, it's work correctly.
In v12, this BUG ID 572519 appear and documented, but not in v13.0 :
- Release note v12 : 572519-1 : More than one header name/value pair not accepted by ACCESS::respond
- Release note v13 : Release Information: Hotfixes: BIG-IP 13.0.0
So if F5 person can explain it's this bug appear always in v13 or not ?
Best regards
- Nicolas_COLLET
Nimbostratus
Hi,
I confirm that this problem is solved in version 13.1.0. We tested on our side with version 13.1.0.2
Best regards
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com