iRule error - bad IP address format (line x)

Abed_AL-R · ‎04-Apr-2022

I just deployed this irule:

when HTTP_REQUEST {
    if { [HTTP::header exists "X-Forwarded-For"] } {
         set client_ip [HTTP::header value "X-Forwarded-For"]
         set fromCountry [whereis $client_ip country]
         if { ( [class match $fromCountry equals Blocked_Countries]) }{
                drop
        }
   }
}

And I'm getting this error in /var/log/ltm:

TCL error: /parition1/BlockedCoun_XFF <HTTP_REQUEST> - bad IP address format (line 2)     invoked from within "whereis $client_ip country"
TCL error: /parition1/BlockedCoun_XFF <HTTP_REQUEST> - bad IP address format (line 3)     invoked from within "whereis $client_ip country"

I saw this article but not sure enough how to implement it in my irule

https://support.f5.com/csp/article/K15450552

Could you please advise on this?

Thanks

Samir · ‎05-Apr-2022

Here X-Forwarded-For Value is coming in String and you are changing to IP:Addr that the reason getting error.

TCL error: /parition1/BlockedCoun_XFF <HTTP_REQUEST> - bad IP address format (line 2)     invoked from within "whereis $client_ip country"
TCL error: /parition1/BlockedCoun_XFF <HTTP_REQUEST> - bad IP address format (line 3)     invoked from within "whereis $client_ip country"

Below iRule has not tested but try it

when HTTP_REQUEST {
    if { [HTTP::header exists "X-Forwarded-For"] } {
         set client_ip [HTTP::header insert X-Forwarded-For]
         log local0. "$client_ip"
         set fromCountry [whereis $client_ip country]
         if { ( [class match $fromCountry equals Blocked_Countries]) }{
                drop
        }
   }
}

Abed_AL-R · ‎05-Apr-2022

Hi Samir

The irule I used is mentioned here, and I just copied it

https://support.f5.com/csp/article/K43383890

it is working fine, but only sometimes it is droping this error.

I will try your solution and update you

Update#2 : I tried your irule, it is droping the error I mentioned all the time. So it did not solve the issue.

Update#3 : I also tried the ASKF5 team recommendation:

set fromCountry [whereis [IP::addr $client_ip mask "255.255.255.255"] country]

But it did not work out. error still showup sometimes in CLI

TCL error: /parition/irule_XFF <HTTP_REQUEST> - bad IP address format (line 1)     invoked from within "IP::addr $client_ip mask "255.255.255.255""

I will try to contact F5 support to check if they can help with this.

T-Trust · ‎06-Apr-2022

Hi Abed_AL-R,

I hope this result test will help you, So i think this case require 2 step

1. We have to update geo-database from F5, Please refer link below

https://cloud-ttrust.com/f5-how-to-install-and-update-ip-geolocation-database/

2. Please follow step on link below for case iRules checl x-forward-for and query geo-database for check blacklist country

https://cloud-ttrust.com/f5-irules-check-http-x-forward-for-and-country/

Thanks you

Abed_AL-R · ‎06-Apr-2022

This is basically the same irule I was using

And our GeoLocation database is up to date. I updated it last week.

Abed_AL-R · ‎27-Jun-2022

If anyone still intersted

This F5 TAC answer:

'X-Forwarded-For' can have two different IPs (to be fair, it can have any value, there are no restrictions):

This is an example where there are two IPs:

Jun 27 15:08:57 BigIP info tmm2[15377]: Rule /partition1/iRule_1 <HTTP_REQUEST>: Bad IP address format for IP: 77.124.162.82, 66.249.81.254

And this is an example of try to use log 4j: (i deleted the log4j command because the forum security settings won't let me)

Jun 27 15:10:34 slot2 info tmm6[4764]: Rule /partition1/iRule1 <HTTP_REQUEST>: Bad IP address format for IP: ...xforwardedfor.caspq8k5fu0ihqo00010b8g4moc5isrqx.oast.pro}, 95.181.161.126

We catched those values after we added those lines to the iRule:

if { [catch { whereis [IP::addr $client_ip mask "255.255.255.255"] country } errText] } {
log local0. "Bad IP address format for IP: $client_ip"
drop

Good Luck

DevCentral

iRule error - bad IP address format (line x)