For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Demonio_21719's avatar
Demonio_21719
Icon for Nimbostratus rankNimbostratus
Oct 27, 2015

TCL error: command returned bad code: 24 while executing (11.6.1-HF5)

Good morning, with version 11.6.0 - HF5 this error occurs within the irule: HTTP_REQUEST It could be a bug? ... We believe that the cause is no line breaks or synthesis.

 

The error is this: TCL error: /Common/Common/SSL_Test:12 - command returned bad code: 24 while executing " /_hst name and ?_hst=1 parameter triggers client cert renegotiation switch [HTTP::uri] { "/extern/test.jsp" - "/SO/..."

 

when HTTP_REQUEST {
        set uri [string tolower [HTTP::uri] ]
         /_hst name and ?_hst=1 parameter triggers client cert renegotiation
         switch [HTTP::uri] {
            "/extern/test.jsp" -
            "/SO/services/dat" -
            "/Ex/services/pay" {
                if { !$renegtried && [SSL::cert count] == 0 } {    
                    log local0. "[IP::client_addr]:[TCP::client_port]: A log entry"
                     Collecting means buffering the request. The collection goes on
                     until SSL::renegotiate occurs, which happens after the HTTP
                     request has been received. The maximum data buffered by collect
                     is 1-4 MB.
                    HTTP::collect
                    set collecting 1
                    SSL::cert mode request
            SSL::renegotiate enable
            SSL::renegotiate
                    pool FIRST_POOL_SSL
                    SSL::enable serverside
                    log local0. "WITH FIRST POOL"
                }    
                "/extern/test.jsp" {
                    pool FIRST_POOL_SSL
                    SSL::cert mode request
            SSL::renegotiate enable
                    log local0. "WITH FIRST POOL"
                }
                "/abc" {
                    if { [string tolower [HTTP::host]] eq "www.test.es"] } {
                        HTTP::redirect "https://www.test.es/test1/"
                    }
                }
                default {
                    if { [string tolower [HTTP::host]] eq "www.test.es" } {
                        HTTP::redirect "https://www.test.es[HTTP::uri]"
                    }
                    else {
                        SSL::disable serverside
            SSL::renegotiate disable
                        log local0. "WITH SECOND POOL"
                }
            }
        } 
}

Thank you

 

application delivery
deployment
devops
iRules
LTM

2 Replies

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Oct 27, 2015

    I'm seeing two syntax errors:

    You're missing the closing curly bracket for the

    "/Ex/services/pay" {

    condition, and you have an extra square bracket at the end of

    [string tolower [HTTP::host]] eq "www.test.es"]