Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP APM
Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7
Fixed In:
14.0.0, 13.1.0.8
Opened: Oct 25, 2017 Severity: 2-Critical
Using the ACCESS::restrict_irule_events disable command to allow iRule events triggered by APM-generated responses to be visible to the iRule no longer works.
iRule execution is aborted.
-- ACCESS::restrict_irule_events disable. -- HTTP iRules commands used in HTTP_RESPONSE_RELEASE after a retry has been triggered by APM.
The only possible workaround is to abandon the iRule, and implement the functionality using a VIP-targeting-VIP configuration. Note: This might not be acceptable in many cases either because of functionality loss (e.g., client certificate auth), or because there are complicated issues specifically solved by iRules.
APM triggers a new iRule event when it retries a request. This new event allows iRules to be notified when this occurs. The HTTP_RESPONSE_RELEASE event is no longer triggered on an internal retry as no response will be sent. A BigDB variable has been added to disable run-time validation of HTTP iRule commands. This is intended to ease the roll-forward of old APM iRules.