TCL error on an iRule used for ASM managment
We have an iRule that is used to conditionally unblock triggered attack signatures on ASM policies for specific requests. Largely, this iRule works great. For some applications, however, it presents the following error message in the LTM Logs:
TCL error: /Common/irl_asm_svc_unblock - Illegal argument. Can't execute in the current context. (line 1) invoked from within "HTTP::uri"
We have had to temporarily remove this iRule from the vIPs AND disable the problematic Attack Signatures in the ASM in order to allow a customer application to function properly. This has pulled the teeth, so to speak, on our security policy.
We are on f5 Version 12.1.1 Build 2.0.204 Hotfix HF2. The iRule syntax is below:
when ASM_REQUEST_DONE {
set svcuri [ string tolower [HTTP::uri] ]
if { [ class match $svcuri starts_with dg_asm_svc_urilist ] and [ class match [ASM::violation details] contains dg_asm_svc_violationlist ] } { ASM::unblock } }
Any thoughts or suggestions would be greatly appreciated. Thank you!