Forum Discussion

Venkat_96088's avatar
Venkat_96088
Icon for Nimbostratus rankNimbostratus
Feb 02, 2012

tmm error logs related to iRule

Hi,

 

 

The below iRule when configured did not give any syntax error. However, in /var/log/ltm tmm err logs are getting generated continuously. Also there are pakcet drops detected in 1.1 and 1.2 interfaces.

 

 

Error:

 

Feb 2 06:09:50 local/tmm err tmm[8132]: 01220001:3: TCL error: xxx_IRule - Operation not supported. Multiple redirect/respond invocations not allowed (line 2) invoked from within "HTTP::redirect https://[HTTP::host][HTTP::uri]"

 

 

iRule:

 

 

when HTTP_REQUEST {

 

if { not ([string tolower [HTTP::host]] contains "jsession")}{

 

HTTP::redirect https://[HTTP::host][HTTP::uri]

 

}

 

}
  • Hi Venkat,

     

     

    I don't think the host will ever contain jsession. Are you wanting to check the HTTP path for a JSESSIONID? If so, you could change HTTP::host to HTTP::path.

     

     

    As for the error, you can't have an iRule and/or profile attempt to send more than one redirect for the same HTTP request. Can you post the other iRule(s) you have enabled on the virtual server? Also, can you post your HTTP profile config using 'tmsh list ltm profile http HTTP_PROFILE_NAME'?

     

     

    Aaron
  • Hi Aaron, Thanks for your reply.

     

     

    This virtual server has 3 virtual server enabled as per the below order, (aslo pls let me know if the ordering right)

     

    demo_redirect

     

    when HTTP_REQUEST {

     

    if { [HTTP::host] starts_with "demo.ssig"} {

     

    HTTP::redirect https://xxxx.com[HTTP::uri] } elseif {

     

    [HTTP::host] starts_with "demo.sbtinvestments"} {

     

    HTTP::redirect https://xxxx.com[HTTP::uri] } elseif {

     

    [HTTP::host] starts_with "demo.mywealth"} {

     

    HTTP::redirect https://xxxx.com[HTTP::uri] }

     

    }

     

     

    afsdemo_80

     

    when HTTP_REQUEST {

     

    set host [string tolower [HTTP::host]]

     

    if { $host contains "legentclearing" } then {

     

    node x.x.x.x 8003

     

    } elseif { $host contains "sterling" }{

     

    node x.x.x.x 8019

     

    } elseif { $host contains "admin.streamer2" }{

     

    node x.x.x.x 8002

     

    } elseif { $host contains "janney2" }{

     

    node x.x.x.x 9001

     

    }

     

    }

     

     

     

    redirect_http2https

     

    when HTTP_REQUEST {

     

    HTTP::redirect https://[HTTP::host][HTTP::uri]

     

    }

     

     

    It is using the default "http" profile, please find below the output for this

     

     

    tmsh list ltm profile http http

     

    ltm profile http http {

     

    adaptive-parsing enabled

     

    basic-auth-realm none

     

    compress disabled

     

    compress-allow-http-10 disabled

     

    compress-browser-workarounds disabled

     

    compress-buffer-size 4096

     

    compress-content-type-exclude none

     

    compress-content-type-include { text/ "application/(xml|x-javascript)" }

     

    compress-cpu-saver enabled

     

    compress-gzip-level 1

     

    compress-gzip-memory-level 8k

     

    compress-gzip-window-size 16k

     

    compress-keep-accept-encoding disabled

     

    compress-method-prefer gzip

     

    compress-min-size 1024

     

    compress-uri-exclude none

     

    compress-uri-include none

     

    compress-vary-header enabled

     

    lws-width 80

     

    max-header-size 32768

     

    oneconnect-transformations enabled

     

    pipelining enabled

     

    ramcache disabled

     

    ramcache-aging-rate 9

     

    ramcache-cache-control-mode all

     

    ramcache-insert-age-header enabled

     

    ramcache-max-age 3600

     

    ramcache-max-entries 10000

     

    ramcache-object-max-size 50000

     

    ramcache-object-min-size 500

     

    ramcache-size 100

     

    ramcache-uri-exclude none

     

    ramcache-uri-include none

     

    ramcache-uri-pinned none

     

    response-chunking selective

     

    }
  • two HTTP::redirect will be triggered when HTTP::host matches condition in demo_redirect rule.

    you should add condition in redirect_http2https rule and make sure traffic won't match condition in demo_redirect rule at the same time.

    [root@ve1023:Active] config  b virtual bar list
    virtual bar {
       snat automap
       pool foo
       destination 172.28.19.79:80
       ip protocol 6
       rules {
          demo_redirect
          redirect_http2https
       }
       profiles {
          http {}
          tcp {}
       }
    }
    [root@ve1023:Active] config  curl -I http://demo.ssig/
    HTTP/1.0 302 Found
    Location: https://xxxx.com/
    Server: BigIP
    Connection: Keep-Alive
    Content-Length: 0
    
    [root@ve1023:Active] config  cat /var/log/ltm
    Feb  3 05:55:45 local/tmm err tmm[4369]: 01220001:3: TCL error: redirect_http2https  - Operation not supported. Multiple redirect/respond invocations not allowed (line 1)     invoked from within "HTTP::redirect https://[HTTP::host][HTTP::uri]"
    
    
  • As Nitass shows you'll see the TCL error if both iRules try to send a redirect for the same request. As the two iRules are doing similar operations, I'd combine them into one iRule and use switch to evaluate the host header.

     

     

    http://devcentral.f5.com/wiki/iRules.switch.ashx

     

     

    Aaron