Bug ID 678066: LTM Policy Tcl-enabled values require 'tcl:' prefix

Last Modified: Jul 03, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP Install/Upgrade(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.4, 14.1.0.5, 14.1.0.6

Opened: Aug 11, 2017
Severity: 3-Major

Symptoms

Prior to BIG-IP v12.1.0, LTM Policy implicitly allowed certain fields to contain Tcl expressions, which would be evaluated and used at runtime. Version 12.1.0 expanded the number of LTM Policy action fields that allow Tcl expressions, and also added the restriction that these fields must begin with the 4-character prefix tcl: to differentiate between a Tcl runtime expansion and a simple text string.

Impact

The migration process, which should find this situation and automatically correct it, can miss in certain cases, leaving a configuration that may fail validation and not load.

Conditions

Pre-v12.1.0 LTM Policy containing an action that has a Tcl expression in one of the following actions, and does not begin with 'tcl:' prefix http-uri - value - path - query string or http-reply - location

Workaround

Edit configuration file, manually add the 'tcl:' (without the quotes) prefix for the following actions: http-uri plus value/path/query http-reply plus location

Fix Information

None

Behavior Change