tmm error logs related to iRule

Hi Venkat,

 

 

I don't think the host will ever contain jsession. Are you wanting to check the HTTP path for a JSESSIONID? If so, you could change HTTP::host to HTTP::path.

 

 

As for the error, you can't have an iRule and/or profile attempt to send more than one redirect for the same HTTP request. Can you post the other iRule(s) you have enabled on the virtual server? Also, can you post your HTTP profile config using 'tmsh list ltm profile http HTTP_PROFILE_NAME'?

 

 

Aaron

Hi Aaron, Thanks for your reply.

 

 

This virtual server has 3 virtual server enabled as per the below order, (aslo pls let me know if the ordering right)

 

demo_redirect

 

when HTTP_REQUEST {

 

if { [HTTP::host] starts_with "demo.ssig"} {

 

HTTP::redirect https://xxxx.com[HTTP::uri] } elseif {

 

[HTTP::host] starts_with "demo.sbtinvestments"} {

 

HTTP::redirect https://xxxx.com[HTTP::uri] } elseif {

 

[HTTP::host] starts_with "demo.mywealth"} {

 

HTTP::redirect https://xxxx.com[HTTP::uri] }

 

}

 

 

afsdemo_80

 

when HTTP_REQUEST {

 

set host [string tolower [HTTP::host]]

 

if { $host contains "legentclearing" } then {

 

node x.x.x.x 8003

 

} elseif { $host contains "sterling" }{

 

node x.x.x.x 8019

 

} elseif { $host contains "admin.streamer2" }{

 

node x.x.x.x 8002

 

} elseif { $host contains "janney2" }{

 

node x.x.x.x 9001

 

}

 

}

 

 

 

redirect_http2https

 

when HTTP_REQUEST {

 

HTTP::redirect https://[HTTP::host][HTTP::uri]

 

}

 

 

It is using the default "http" profile, please find below the output for this

 

 

tmsh list ltm profile http http

 

ltm profile http http {

 

adaptive-parsing enabled

 

basic-auth-realm none

 

compress disabled

 

compress-allow-http-10 disabled

 

compress-browser-workarounds disabled

 

compress-buffer-size 4096

 

compress-content-type-exclude none

 

compress-content-type-include { text/ "application/(xml|x-javascript)" }

 

compress-cpu-saver enabled

 

compress-gzip-level 1

 

compress-gzip-memory-level 8k

 

compress-gzip-window-size 16k

 

compress-keep-accept-encoding disabled

 

compress-method-prefer gzip

 

compress-min-size 1024

 

compress-uri-exclude none

 

compress-uri-include none

 

compress-vary-header enabled

 

lws-width 80

 

max-header-size 32768

 

oneconnect-transformations enabled

 

pipelining enabled

 

ramcache disabled

 

ramcache-aging-rate 9

 

ramcache-cache-control-mode all

 

ramcache-insert-age-header enabled

 

ramcache-max-age 3600

 

ramcache-max-entries 10000

 

ramcache-object-max-size 50000

 

ramcache-object-min-size 500

 

ramcache-size 100

 

ramcache-uri-exclude none

 

ramcache-uri-include none

 

ramcache-uri-pinned none

 

response-chunking selective

 

}

two HTTP::redirect will be triggered when HTTP::host matches condition in demo_redirect rule.

you should add condition in redirect_http2https rule and make sure traffic won't match condition in demo_redirect rule at the same time.

[root@ve1023:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.79:80
   ip protocol 6
   rules {
      demo_redirect
      redirect_http2https
   }
   profiles {
      http {}
      tcp {}
   }
}
[root@ve1023:Active] config  curl -I http://demo.ssig/
HTTP/1.0 302 Found
Location: https://xxxx.com/
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

[root@ve1023:Active] config  cat /var/log/ltm
Feb  3 05:55:45 local/tmm err tmm[4369]: 01220001:3: TCL error: redirect_http2https  - Operation not supported. Multiple redirect/respond invocations not allowed (line 1)     invoked from within "HTTP::redirect https://[HTTP::host][HTTP::uri]"

As Nitass shows you'll see the TCL error if both iRules try to send a redirect for the same request. As the two iRules are doing similar operations, I'd combine them into one iRule and use switch to evaluate the host header.

 

 

http://devcentral.f5.com/wiki/iRules.switch.ashx

 

 

Aaron