For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Rhys_Peters_770's avatar
Rhys_Peters_770
Historic F5 Account
Feb 25, 2014

Table Add Command Killing Connection

I am using an internal virtual server to load balance ICAP servers. I need to be able to rewrite a HTTP URI based on an ICAP header. The best way I can see to so this is to use a session table. I have added the below iRule to the internal virtual server, but whenever I add the entry in the table I am unable to connect to the destination web service.

I have run traces and even when the application does not connect, the entry in the table appears as expected.

Is there a better way I should be adding this entry to the table?

when RULE_INIT {

   set static::icapTable_timeOut 300

          }

when ICAP_REQUEST {

 set index "[ICAP::header values X-Client-IP]%300_[TCP::client_port]"

      }

when ICAP_RESPONSE {

 set reason "[string tolower [ICAP::header values X-Block-Reason]]"

 if {$reason eq ""} {

         set reason "notBlocked!"

   }

   table add -subtable ::icapTable $index $reason $static::icapTable_timeOut $static::icapTable_timeOut

   }
application delivery
deployment
devops
iRules
LTM

1 Reply

  • IheartF5_45022's avatar
    IheartF5_45022
    Icon for Nacreous rankNacreous
    Feb 26, 2014

    Just a random guess, but that table name ::icapTable looks very suspicious - try a different name like "icapTable".

     

    Also just an FYI - subtables are actually less efficient than tables unless you have a requirement to count the entries, so unless you are doing more than is in the iRule above, I would just use a table with table name "ict_$index" (or somesuch).