Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

iRule error - bad IP address format (line x)

Abed_AL-R
Cirrostratus
Cirrostratus

‎04-Apr-2022 23:40

I just deployed this irule:

 

when HTTP_REQUEST {
    if { [HTTP::header exists "X-Forwarded-For"] } {
         set client_ip [HTTP::header value "X-Forwarded-For"]
         set fromCountry [whereis $client_ip country]
         if { ( [class match $fromCountry equals Blocked_Countries]) }{
                drop
        }
   }
}

 

And I'm getting this error in /var/log/ltm:

 

TCL error: /parition1/BlockedCoun_XFF <HTTP_REQUEST> - bad IP address format (line 2)     invoked from within "whereis $client_ip country"
TCL error: /parition1/BlockedCoun_XFF <HTTP_REQUEST> - bad IP address format (line 3)     invoked from within "whereis $client_ip country"

 

I saw this article but not sure enough how to implement it in my irule

https://support.f5.com/csp/article/K15450552

Could you please advise on this?

Thanks

Labels:
0 Kudos
4 REPLIES 4

Samir
Nacreous
Nacreous

‎05-Apr-2022 07:06 - edited ‎06-Apr-2022 04:25

Here X-Forwarded-For Value is coming in String and you are changing to IP:Addr that the reason getting error.

 

TCL error: /parition1/BlockedCoun_XFF <HTTP_REQUEST> - bad IP address format (line 2)     invoked from within "whereis $client_ip country"
TCL error: /parition1/BlockedCoun_XFF <HTTP_REQUEST> - bad IP address format (line 3)     invoked from within "whereis $client_ip country"

 

Below iRule has not tested but try it

 

when HTTP_REQUEST {
    if { [HTTP::header exists "X-Forwarded-For"] } {
         set client_ip [HTTP::header insert X-Forwarded-For]
         log local0. "$client_ip"
         set fromCountry [whereis $client_ip country]
         if { ( [class match $fromCountry equals Blocked_Countries]) }{
                drop
        }
   }
}

 

0 Kudos

Abed_AL-R
Cirrostratus
Cirrostratus
In response to Samir

‎05-Apr-2022 10:55 - edited ‎05-Apr-2022 21:17

Hi Samir

The irule I used is mentioned here, and I just copied it

https://support.f5.com/csp/article/K43383890

it is working fine, but only sometimes it is droping this error.

I will try your solution and update you

Update#2 : I tried your irule, it is droping the error I mentioned all the time. So it did not solve the issue.

Update#3 :  I also tried the ASKF5 team recommendation:

set fromCountry [whereis [IP::addr $client_ip mask "255.255.255.255"] country]

But it did not work out. error still showup sometimes in CLI

TCL error: /parition/irule_XFF <HTTP_REQUEST> - bad IP address format (line 1)     invoked from within "IP::addr $client_ip mask "255.255.255.255""

I will try to contact F5 support to check if they can help with this.

0 Kudos

T-Trust
Cirrus
Cirrus

‎06-Apr-2022 01:50

Hi Abed_AL-R,

I hope this result test will help you, So i think this case require 2 step

1. We have to update geo-database from F5, Please refer link below

TTrust_0-1649234921416.png

https://cloud-ttrust.com/f5-how-to-install-and-update-ip-geolocation-database/

2. Please follow step on link below for case iRules checl x-forward-for and query geo-database for check blacklist country

TTrust_1-1649234988102.png

https://cloud-ttrust.com/f5-irules-check-http-x-forward-for-and-country/

Thanks you

 

 

0 Kudos

Abed_AL-R
Cirrostratus
Cirrostratus
In response to T-Trust

‎06-Apr-2022 02:41

This is basically the same irule I was using

And our GeoLocation database is up to date. I updated it last week.

0 Kudos
Copyright © 2022 Khoros, LLC