Two iRules that seem to conflict
Env: LTM 11.5.2 (hardware, not VM)
We have two iRules that work correctly independently, but when we apply them both to a virtual server, cause an error. The error is:
TCL error: /Common/esb-qa-secure-aws.psegliny.com-443_adjust-wsdl-endpoint - Operation not supported (line 1) invoked from within "HTTP::header remove "Accept-Encoding""
That iRule code that errs out is as follows (note that I put in the priority as an attempt to de-conflict the two iRules, but it seemed to have no effect) - it's a pretty standard stream adjustment to rewrite some content on the way out:
when HTTP_REQUEST {
Disable the stream filter for all requests
STREAM::disable
LTM does not decompress response content, so if the server has compression enabled
and it cannot be disabled on the server, we can prevent the server from sending
a compressed response by removing the compression offerings from the client
HTTP::header remove "Accept-Encoding"
}
when HTTP_RESPONSE {
Check if response type is text
if { [HTTP::header value Content-Type] contains "text" } {
STREAM::disable
log local0. "Adjusting values"
Replace http:// with https://
STREAM::expression {@:443@@ @pl-ts-esb-esb01.dev.psegliny@esb-qa-secure-aws.psegliny.com@ @pl-ts-esb-esb02.dev.psegliny@esb-qa-secure-aws.psegliny.com@ @pl-ts-esb-esb03.dev.psegliny@esb-qa-secure-aws.psegliny.com@ @pl-ts-esb-esb04.dev.psegliny@esb-qa-secure-aws.psegliny.com@}
Enable the stream filter for this response only
STREAM::enable
}
}
It operates fine, except when I add the following iRule (which also works fine, as long as the previous iRule is not applied:
when HTTP_REQUEST {
if { [HTTP::username] eq "" or [HTTP::password] eq "" } {
HTTP::respond 401 WWW-Authenticate "Basic realm=\"AWS Alexa Credentials Required\""
return
}
binary scan [md5 [HTTP::password]] H* password
log local0. "Pw [HTTP::password] MD5 is $password"
if { [class lookup "[HTTP::username]" AWS-Alexa_QA_Account] equals $password } {
log local0. "User [HTTP::username] has been authorized to access virtual server [virtual name]"
} else {
log local0. "User [HTTP::username] has been denied access to virtual server [virtual name] using password [$password]"
HTTP::respond 401 WWW-Authenticate "Basic realm=\"AWS Alexa Credentials Required\""
}
}
I played with priority, trying to get the HTTP_REQUEST section of the 2nd iRule to apply before the 1st one, to no effect. I also moved the STREAM::disable and header removal into the 2nd iRule, to no effect.
Any thoughts? What approach will allow both of these iRules to operate at the same time?
thx!