Forum Discussion

Karim's avatar
Karim
Icon for Cirrostratus rankCirrostratus
Jan 23, 2018

Using "table" iRule command inside the ACESS_SESSION_CLOSED APM event

Hello everyone,

I'm in version 13.1.0.2 and I'm facing an issue when using the "table" iRule command with the ACCESS_SESSION_CLOSED event :

This is an LTM+APM deployement (web application access)

I have an empty access policy ( start --> allow )

I have associated the following iRule to the virtual server :

when ACCESS_SESSION_STARTED {
 if { [table lookup "toto"] != "" } {
    log local0. "found !" 
 } else {
    log local0. "not found !" 
 }
}
when ACCESS_SESSION_CLOSED { 
    table set "toto" "myData" 1800
    log local0. "adding toto to the shared table !"
}

I noticed that whenever I kill a perticular session and re establish a new session, the entry is never found in the table (I have choosen a 30min timeout so that I can easly disconnect and reconnect without having the entry times out)

After further testing I noticed that whenever I use the "table" command in the ACCESS_SESSION_CLOSED , this entry is deleted right after the session is closed.

I found this article K58224211 which describe a known bug, however it should be fixed since version 12.0.0. (btw I also performed the same test in 12.1.2 and 12.1.3 with the same result)

am I missing somehting in my iRule ? or did I just hit a new bug ?

Any help would be apriciated

many thanks,

access_session_closed
application delivery
BIG-IP Access Policy Manager (APM)
security
table
  • Ryan77777's avatar
    Ryan77777
    Icon for Altocumulus rankAltocumulus
    Jan 25, 2018

    This article doesn't have a whole lot of information, but it seems like what you have should be working to me (with the limited amount of knowledge I have about the system).

    I would think you'd be ok here but something to think about: "Important: This event is triggerred outside of flow context (similar to RULE_INIT) when a session goes away. The iRule commands which require a flow context (for e.g. TCP, HTTP and SSL commands) can not be used in this event."

    If you use a subtable does it make a difference? If we're going down the bug path... then little changes like this might get you around that. Not saying it's a bug... but if it is, then perhaps this may help.

    when ACCESS_SESSION_STARTED {
    if { [table lookup -notouch -subtable  "toto"] != {} } {
        log local0. "found !" 
    } else {
        log local0. "not found !" 
    }
}
when ACCESS_SESSION_CLOSED { 
    table add -subtable  "toto" "data" 1800
    log local0. "adding toto to the shared table !"
}