Forum Discussion

kk1's avatar
kk1
Icon for Nimbostratus rankNimbostratus
Jun 04, 2019
Solved

iRules how can I get to custom error message?

Hi guys,

 

Please can you help with an issue I have.

 

We have a website that has certification, there is a requirement to SSL enable the communication to our website.

 

On BIG-IP LTM, we neet to limit a request up to 10 connections, if so, we want to response a custom error code "ErrCode=E91099991" .

 

However, because of not using SSL termination, we got a error message on iRules window below,

HTTP_REQUEST event in rule (/Common/rule.SITE) requires an associated HTTP or FASTHTTP profile on the virtual server (/Common/vs.SITE.HTTPS)

 

************************************************

when RULE_INIT {

  set ::active_connections_site 0

  set ::html_content "ErrCode=E91099991"

}

 

when CLIENT_ACCEPTED {

  set site_over_limit 0

  set ::site_maxConnection [class get SITE_MAX_TCP_CONNECTION]

 

  if { $::active_connections_site <= [lindex $::site_maxConnection 0] } {

  incr ::active_connections_site 1

 } else {

 set site_over_limit 1

  } 

}

 

when HTTP_REQUEST {

  if { $site_over_limit }{

   HTTP::respond 200 content $::html_content

   TCP::close

  }

}

 

when CLIENT_CLOSED {

  if { ($site_over_limit == 0) and ($::active_connections_site > 0) } {

   incr ::active_connections_site -1

  }

}

************************************************

 

SITE_MAX_TCP_CONNECTION = 10

 

 

How can I response a custom error code?

 

Any help greatly appreciated.

 

cheers,

 

Lio,

application delivery
BIG-IP
iRules
  • Lee_Sutcliffe's avatar
    Lee_Sutcliffe
    Jun 04, 2019

    Firstly, you should not be using global variables, these are prefixed with the double colon. These cause a CMP demotion

    https://support.f5.com/csp/article/K13033

    # do not set variables in the global namespace
set ::foo bar
 
# set in the local scope
set foo bar

    Additionally I would be cautious setting variables in RULE_INIT as they will only be initialised when TTM or the iRule is reloaded. As you've used global variables, $::active_connections_site will only reset to 0 under these two conditions.

    The error message you received is because you are using the event HTTP_REQUEST and attempting to use an HTTP response without an HTTP profile assigned to the virtual server . You will also need to add an client-ssl profile to the virtual server if this is using port TCP/443

    Lee

1 Reply

Sort By
  • Lee_Sutcliffe's avatar
    Lee_Sutcliffe
    Icon for Nacreous rankNacreous
    Jun 04, 2019

    Firstly, you should not be using global variables, these are prefixed with the double colon. These cause a CMP demotion

    https://support.f5.com/csp/article/K13033

    # do not set variables in the global namespace
set ::foo bar
 
# set in the local scope
set foo bar

    Additionally I would be cautious setting variables in RULE_INIT as they will only be initialised when TTM or the iRule is reloaded. As you've used global variables, $::active_connections_site will only reset to 0 under these two conditions.

    The error message you received is because you are using the event HTTP_REQUEST and attempting to use an HTTP response without an HTTP profile assigned to the virtual server . You will also need to add an client-ssl profile to the virtual server if this is using port TCP/443

    Lee