Bug ID 690756: APM depends on undocumented internal behavior of HTTP iRule commands after a retry is initiated

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7

Fixed In:
14.0.0, 13.1.0.8

Opened: Oct 25, 2017

Severity: 2-Critical

Symptoms

Using the ACCESS::restrict_irule_events disable command to allow iRule events triggered by APM-generated responses to be visible to the iRule no longer works.

Impact

iRule execution is aborted.

Conditions

-- ACCESS::restrict_irule_events disable. -- HTTP iRules commands used in HTTP_RESPONSE_RELEASE after a retry has been triggered by APM.

Workaround

The only possible workaround is to abandon the iRule, and implement the functionality using a VIP-targeting-VIP configuration. Note: This might not be acceptable in many cases either because of functionality loss (e.g., client certificate auth), or because there are complicated issues specifically solved by iRules.

Fix Information

APM triggers a new iRule event when it retries a request. This new event allows iRules to be notified when this occurs. The HTTP_RESPONSE_RELEASE event is no longer triggered on an internal retry as no response will be sent. A BigDB variable has been added to disable run-time validation of HTTP iRule commands. This is intended to ease the roll-forward of old APM iRules.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips