Forum Discussion

Historic F5 Account

Dec 13, 2011

The EVAL command

Hi all, I am testing the eval command and want to generate an error if my input script contains an error. My test code is as follows: set cmd "if { \[HTTP::uri\] starts_with \"/h...

Nimbostratus

Jul 19, 2017

is there any news on this one?

using eval for this, as spark suggests, is dangerous in my eyes:

eval "HTTP::respond 302 Location http://new.example.com $headers"

what if headers contain user input? someone could inject commands...

or what if anyone would use it for a response including content:

eval "HTTP::respond 200 content $content"

what if the content contains user input?

i think introducing the {*}-command is the only way to enable safe argument expansion.

i did a

[info patchlevel]

on big ip 13.0.0. tcl version is still 8.4.6.

is big ip expected to move to 8.5 in the near future?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

The EVAL command

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Is it possible to create a Single Pool with multiple ports ?

F5 object groups in AFM

Round-robin method not load balanced

F5 ASM with fortisandbox

Disabling signature for a URL

Related Content

WAF evasion techniques for Command Injection

Power of tmsh commands using Ansible

Watch Command

DNS Resolution with the RESOLVER::name_lookup Command

Knowledge sharing: Velos and rSeries (F5OS) basic troubleshooting, logs and commands

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS