
How to access an LTM Policy variable from an iRule?

BLacaze
Altostratus

Hello,

I'm trying to set a variable in an LTM Policy like this:

[Image: 0691T000008twF1QAI.png]

But then: how can I access this variable from an iRule?

The only information I find on support site/devcentral is: "Set variable: Sets a Tcl variable in the runtime environment."

Thanks

1 ACCEPTED SOLUTION

Simon_Blakely
F5 Employee

First, the assignment needs to be [HTTP::method]

Your iRule just needs to reference the connection variable that you assigned in the policy

    when HTTP_REQUEST { log local0. "$policy_http_method" }


Hi Simon,

Thanks for your answer, but it still doesn't work. The iRule fails with this log message:

Jul 2 07:35:09 f5-1 err tmm[20719]: 01220001:3: TCL error: /Common/syslog_https_test <HTTP_REQUEST> - can't read "policy_http_method": no such variable while executing "log local0. "$policy_http_method""

This is the beginning of the iRule (I copy/pasted the variable name to make sure it's typo free):

    when HTTP_REQUEST {
        set http_method ""
        if {[HTTP::has_responded]} {
            log local0. "$policy_http_method"
            set http_method $policy_http_method
        } else {
            set http_method [HTTP::method]
        }

To explain the context:

  • we have a logging iRule whose role is only to log traffic (you got this right Simon 😉) and send it to our syslog server. This iRule gets [HTTP::method] and writes it to the log.
  • since we upgraded from v12 to v14, the iRule now fails with this error ONLY when trying to log traffic which has been matched by an LTM policy.
Jul 1 16:39:36 f5-1 err tmm2[20719]: 01220001:3: TCL error: /Common/syslog_https_test <HTTP_REQUEST> - Can't call after responding - ERR_NOT_SUPPORTED (line 14) invoked from within "HTTP::method"

So I feel the only nice way to log this traffic is to pass the value of HTTP::method to the iRule. But no luck for now 😞

OK, my bad, I found it... of course I had to put the logging policy rule on top in the policy list!

It's working now, thanks! 🙂

Great - and yes - you need to shift anything from the HTTP:: object into variables before you trigger any HTTP:: redirection/respond.

Basically, once you have used HTTP::redirect/respond (or the LTM policy equivalents), the entire HTTP:: object is invalidated, and cannot be accessed (apart from HTTP::has_responded).
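
The pattern discussed in this thread, as an added example that is not part of the original posts: a logging iRule that avoids both errors shown above ("no such variable" and "Can't call after responding"). It assumes the policy rule setting policy_http_method to [HTTP::method] is ordered first in the policy; the "unknown" fallback value and the log format are assumptions.

```tcl
# Added example, not code from the thread.
# Assumes an LTM policy rule, ordered before any redirect/respond rule,
# that sets the Tcl variable policy_http_method to [HTTP::method].
when HTTP_REQUEST {
    if { [info exists policy_http_method] } {
        # Value captured by the policy while the HTTP:: object was valid.
        set http_method $policy_http_method
        # iRule variables live for the whole connection. Clear this one so
        # a later request on the same keep-alive connection that does not
        # match the policy rule cannot log a stale method.
        unset policy_http_method
    } elseif { ![HTTP::has_responded] } {
        # Nothing has responded yet, so HTTP::method is still readable.
        set http_method [HTTP::method]
    } else {
        # The policy already responded and no variable was set. Calling
        # HTTP::method here raises ERR_NOT_SUPPORTED and aborts the iRule,
        # so log a placeholder instead of losing the log entry.
        set http_method "unknown"
    }

    # IP::client_addr is not part of the HTTP:: object and remains
    # available after a redirect or respond.
    log local0. "client=[IP::client_addr] method=$http_method"
}
```

An "unknown" entry in the log indicates that a responding policy rule ran without the variable-setting rule ahead of it, which is the ordering problem resolved in the thread.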