Forum Discussion

Abed_AL-R's avatar
Abed_AL-R
Icon for Cirrostratus rankCirrostratus
Apr 05, 2022

iRule error - bad IP address format (line x)

I just deployed this irule:

 

when HTTP_REQUEST {
    if { [HTTP::header exists "X-Forwarded-For"] } {
         set client_ip [HTTP::header value "X-Forwarded-For"]
         set fromCountry [whereis $client_ip country]
         if { ( [class match $fromCountry equals Blocked_Countries]) }{
                drop
        }
   }
}

 

And I'm getting this error in /var/log/ltm:

 

TCL error: /parition1/BlockedCoun_XFF <HTTP_REQUEST> - bad IP address format (line 2)     invoked from within "whereis $client_ip country"
TCL error: /parition1/BlockedCoun_XFF <HTTP_REQUEST> - bad IP address format (line 3)     invoked from within "whereis $client_ip country"

 

I saw this article but not sure enough how to implement it in my irule

https://support.f5.com/csp/article/K15450552

Could you please advise on this?

Thanks

geolocation
irule
LTM
security
xff

5 Replies

Sort By
  • Samir's avatar
    Samir
    Icon for MVP rankMVP
    Apr 05, 2022

    Here X-Forwarded-For Value is coming in String and you are changing to IP:Addr that the reason getting error.

     

    TCL error: /parition1/BlockedCoun_XFF <HTTP_REQUEST> - bad IP address format (line 2)     invoked from within "whereis $client_ip country"
TCL error: /parition1/BlockedCoun_XFF <HTTP_REQUEST> - bad IP address format (line 3)     invoked from within "whereis $client_ip country"

     

    Below iRule has not tested but try it

     

    when HTTP_REQUEST {
    if { [HTTP::header exists "X-Forwarded-For"] } {
         set client_ip [HTTP::header insert X-Forwarded-For]
         log local0. "$client_ip"
         set fromCountry [whereis $client_ip country]
         if { ( [class match $fromCountry equals Blocked_Countries]) }{
                drop
        }
   }
}

     

    • Abed_AL-R's avatar
      Abed_AL-R
      Icon for Cirrostratus rankCirrostratus
      Apr 05, 2022

      Hi Samir

      The irule I used is mentioned here, and I just copied it

      https://support.f5.com/csp/article/K43383890

      it is working fine, but only sometimes it is droping this error.

      I will try your solution and update you

      Update#2 : I tried your irule, it is droping the error I mentioned all the time. So it did not solve the issue.

      Update#3 :  I also tried the ASKF5 team recommendation:

      set fromCountry [whereis [IP::addr $client_ip mask "255.255.255.255"] country]

      But it did not work out. error still showup sometimes in CLI

      TCL error: /parition/irule_XFF <HTTP_REQUEST> - bad IP address format (line 1)     invoked from within "IP::addr $client_ip mask "255.255.255.255""

      I will try to contact F5 support to check if they can help with this.

    • Abed_AL-R's avatar
      Abed_AL-R
      Icon for Cirrostratus rankCirrostratus
      Apr 06, 2022

      This is basically the same irule I was using

      And our GeoLocation database is up to date. I updated it last week.

  • Abed_AL-R's avatar
    Abed_AL-R
    Icon for Cirrostratus rankCirrostratus
    Jun 27, 2022

    If anyone still intersted

    This F5 TAC answer:

    'X-Forwarded-For' can have two different IPs (to be fair, it can have any value, there are no restrictions):

    This is an example where there are two IPs:

     

    Jun 27 15:08:57 BigIP info tmm2[15377]: Rule /partition1/iRule_1 <HTTP_REQUEST>: Bad IP address format for IP: 77.124.162.82, 66.249.81.254

     

    And this is an example of try to use log 4j: (i deleted the log4j command because the forum security settings won't let me)

     

    Jun 27 15:10:34 slot2 info tmm6[4764]: Rule /partition1/iRule1 <HTTP_REQUEST>: Bad IP address format for IP: ...xforwardedfor.caspq8k5fu0ihqo00010b8g4moc5isrqx.oast.pro}, 95.181.161.126

     

    We catched those values after we added those lines to the iRule:

     

    if { [catch { whereis [IP::addr $client_ip mask "255.255.255.255"] country } errText] } {
log local0. "Bad IP address format for IP: $client_ip"
drop

     


    Good Luck