
Torti, Jan 07, 2014

tcl error, when modifying http response

Hi guys,

We need a custom response for a dedicated validation (XML violation). For this case I expanded the iRule with the following lines:

    when ASM_REQUEST_BLOCKING {
        # ASM::violation_data returns a list; element 0 carries the violation name(s)
        set x [ASM::violation_data]
        log local0. "blocked XML request with violation: [lindex $x 0]"
        if { [lindex $x 0] == "VIOLATION_XML_WSDL" } {
            # drop the original Content-Length, then swap in the custom body
            HTTP::header remove Content-Length
            set response "mycustom response..."

            ASM::payload replace 0 [ASM::payload length] ""
            ASM::payload replace 0 0 $response
        }
    }

If I test this, everything is ok, but sometimes I can see the following line in the log:

TCL error: /Common/ContManIrule - Illegal argument. Can't execute in the current context. (line 4) invoked from within "HTTP::header remove Content-Length" invoked from within "if { [lindex $x 0] == "VIOLATION_XML_WSDL" } { HTTP::header remove Content-Length set response "..."

The log entry returns: "Rule /Common/ContManIrule : blocked XML request with violation: VIOLATION_XML_WSDL"

Does anyone have an idea what's wrong?

Thx

7 Replies

  • uni

    It looks to me like it is saying that the HTTP::header command is not allowed within the ASM_REQUEST_BLOCKING event. Kind of strange, given that the example on the ASM_REQUEST_BLOCKING page does just this.

    Perhaps enclose some of the code in try/catch, and do some extra logging of the payload when it fails.

    • uni_87886
      Unrelated, but you should use 'contains' not '==' to test for the violation, as [lindex $x 0] is a comma-separated list of violations.
    • Torti
      The problem is that I cannot reproduce the error. I added some extra logging and changed to 'contains'. The 'contains' is a little bit strange, because in the wiki the violation field is described as a String, and I have never seen a comma-separated list in the log here. But it really looks like the system has some trouble with the HTTP::header command within the ASM_REQUEST_BLOCKING event. I tried "if { [HTTP::header exists Content-Length] } {}" before removing the header, but then I SOMETIMES get the TCL error: Illegal argument. Can't execute in the current context. (line 1) invoked from within "HTTP::header exists Content-Length"
  • Torti
    I put a catch statement around all of it, thanks for the advice. Perhaps I will open a case later.
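The handler as it ends up after the two suggestions in this thread, written here as an added example rather than code from the original post: the violation check uses 'contains' because element 0 of [ASM::violation_data] can carry several comma-separated names, and the HTTP::header call that intermittently fails with "Can't execute in the current context" is wrapped in catch so the blocking response is still replaced and the failure is logged instead of aborting the iRule. The event and the ASM::/HTTP:: commands are the F5 iRule commands from the post; the violation name and the response body are placeholders taken from the question.

```tcl
# Added example (not from the original post): ASM_REQUEST_BLOCKING handler
# that tolerates the intermittent HTTP::header error and matches the
# violation with 'contains' instead of '=='.
when ASM_REQUEST_BLOCKING {
    set x [ASM::violation_data]
    # element 0 may hold one name or a comma-separated list, e.g.
    # "VIOLATION_XML_WSDL,VIOLATION_XML_MALFORMED" (constructed sample)
    set violations [lindex $x 0]
    log local0. "blocked XML request with violation(s): $violations"

    # 'contains' matches whether the name is alone or part of the list
    if { $violations contains "VIOLATION_XML_WSDL" } {
        set response "mycustom response..."

        # HTTP::header sometimes throws "Illegal argument. Can't execute in
        # the current context" here; catch keeps the iRule running and logs
        # the reason instead of aborting the event with a TCL error.
        if { [catch { HTTP::header remove Content-Length } err] } {
            log local0. "Content-Length removal failed in ASM_REQUEST_BLOCKING: $err"
        }

        # replace the ASM blocking page body with the custom response
        ASM::payload replace 0 [ASM::payload length] ""
        ASM::payload replace 0 0 $response
    }
}
```

The catch only hides the header failure; if the removal does fail, the original Content-Length stays on the response, so check the logged message when testing whether the custom body arrives intact.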