cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.

irule syntax error

Bhavik_1402
Nimbostratus
Nimbostratus

Hi Folks,

 

I'm new to iRules and need to create few irules which is provided by the application vendor and getting an error for one of the line as shown below in italic bold letter. The syntax starts with "for=" and LTM is giving below error.

 

01070151:3: Rule [/Common/iRule_Single_VIP] error: /Common/iRule_Single_VIP:58: error: [undefined procedure: for=]["for="[IP::client_addr]";]

/Common/iRule_Single_VIP:58: error: [undefined procedure: TCP::local_host][TCP::local_host]

 

if { not [HTTP::header exists "x-forwarded-for" ] } {

HTTP::header insert "X-Forwarded-For" [getfield [IP::client_addr] "%" 1]

}

### HTTP::header replace "X-Forwarded-For" [getfield [IP::client_addr] "%" 1]

HTTP::header replace "Host" [HTTP::host]

HTTP::header insert "X-Forwarded-Host" [HTTP::host]

HTTP::header insert "X-Forwarded-Hostname" [getfield [HTTP::host] ":" 1]

## Check to see that an upstream proxy has not already inserted

## the X-Forwarded-Port header, if not insert with current local

## port being used

if { not [HTTP::header exists "x-forwarded-port" ] } {

HTTP::header insert "X-Forwarded-Port" [TCP::local_port]

}

HTTP::header insert "X-Forwarded-ContextPath" /$dsServiceName

HTTP::header insert "X-Forwarded-Proto" "https"

# Create the Forward header to be compliant with RFC7239

# set string

"for="[IP::client_addr]";proto="$proto";by="[TCP::local_host]";host="[HTTP::host]";contextpath="$dsServiceName

# HTTP::header insert "Forwarded" string

## For each response which was a CORS request add the CORS

## headers to allow potential in page content to access

## information from this service

##

## F5 will be creating for the client. This allows the

## application to have the information even on the initial

## request

##

}

 

Can someone guide please?

4 REPLIES 4

Hi Bhavik_1402,

 

# char is placed at the beginning of the comment lines. The line starting with "for" should be at the end of the line above.

# Create the Forward header to be compliant with RFC7239 # set string "for=[IP::client_addr];proto=$proto;by=[TCP::local_host];host=[HTTP::host];contextpath=$dsServiceName" # HTTP::header insert "Forwarded" string

 

# means its just for comment and will not take in the effect. so does it mean the entire line is only for comment and will not be processed in irule?

 

# set string "for=[IP::client_addr];proto=$proto;by=[TCP::local_host];host=[HTTP::host] contextpath=$dsServiceName"

?

Yes, it will not processed. I found the irule in citrix forum.

https://discussions.citrix.com/topic/402284-f5-irules-to-netscaler-migrationinserting-xff-requests/

 

If you want to insert "Forwarded" header, you should remove #.

# Create the Forward header to be compliant with RFC7239 set string "for=[IP::client_addr];proto=https;by=[TCP::local_host];host=[HTTP::host];contextpath=<changewithservicename>" HTTP::header insert "Forwarded" $string

 

Thanks Enes,

 

This will really helps. I'll need to configure few other irules related to the same and will put something if require.

 

Thank you again for your help.