The aFleX scripting language is based on the Tool Command Language (Tcl) programming standard. Here are some common aFleX misconfigurations.
Note: aFleX syntax errors are displayed in the WebUI when you save the aFleX script (Config > Service > aFleX) or in the CLI (aflex check script-name).
This type of error is usually on an "if" line. In Tcl, the opening curly bracket ("{") of the body has to be on the same line as the closing curly bracket ("}") of the condition. A space is required between the two curly brackets: "} {"
Good: if { [HTTP::uri] starts_with "/private" } {
    xyz
}
Bad: if { [HTTP::uri] starts_with "/private" }
{
Bad: if { [HTTP::uri] starts_with "/private" }{
Note: aFleX execution abort error statistics are available in the WebUI (Monitor > Service > aFleX) and in the CLI (show aflex script-name).
This type of error can be caused by a variable name that has a dash ("-") in it. aFleX variable names can contain numbers, letters and underscores ("_").
Good: set ip_addr "10.0.0.10"
Bad: set ip-addr "10.0.0.10"
This type of error can occur when the aFleX script tries to read an HTTP variable that does not exist in the request or the response. For instance, the HTTP response header "Location" is not always present. Typically, this header is present only in server redirects (response code 301 or 302).
Good: if { [HTTP::header exists "Location"] } {
    if { [HTTP::header Location] contains "intranet.example.com" } {
        xyz
    }
}
Bad: if { [HTTP::header Location] contains "intranet.example.com" } {
aFleX HTTP content rewrite not done
There is no aFleX error or failure but the HTTP content in the response is not modified.
This error can occur if servers reply with compressed content. To prevent servers from replying with compressed content, remove the request header “Accept-Encoding”, so the servers will believe that clients do not support compression.
Note: You can always configure HTTP compression to occur on the AX device itself to improve end-user response time.
Good: when HTTP_REQUEST {
    # Make servers reply with uncompressed content
    HTTP::header remove Accept-Encoding
}
when HTTP_RESPONSE {
    HTTP::collect
}
when HTTP_RESPONSE_DATA {
    HTTP::release
}
Bad: when HTTP_RESPONSE {
    HTTP::release
}
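A pre-deployment check for the four mistakes described above, as an added example that is not A10 code. It is written in Python; the rule names and the sample script are constructed for illustration, and the checks are line-based heuristics rather than a Tcl parser.

```python
import re

# Constructed sample script containing each mistake this page describes.
SAMPLE_BAD = '''when HTTP_RESPONSE {
    set ip-addr "10.0.0.10"
    if { [HTTP::header Location] contains "intranet.example.com" }
    {
        HTTP::collect
    }
}
when HTTP_RESPONSE_DATA {
    HTTP::release
}
'''

HEADER_READ = re.compile(r'\[HTTP::header\s+"?([A-Za-z][\w-]*)"?\s*\]')
HEADER_GUARD = re.compile(r'HTTP::header\s+exists\s+"?([A-Za-z][\w-]*)"?')
STRIP_ENCODING = re.compile(r'HTTP::header\s+remove\s+"?Accept-Encoding"?', re.I)
HYPHEN_VAR = re.compile(r'set\s+([A-Za-z0-9_]+(?:-[A-Za-z0-9_]+)+)\b')
IF_LINE = re.compile(r'(\}\s*)?(if|elseif)\b')


def lint_aflex(script):
    """Return (line_number, rule) findings for an aFleX script."""
    findings = []
    guarded = set()  # headers tested with "HTTP::header exists" in the current event
    strips_encoding = bool(STRIP_ENCODING.search(script))
    for n, raw in enumerate(script.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        if line.startswith('when '):
            guarded.clear()  # a guard in one event says nothing about another
        # Body "{" must share a line with the condition's "}", separated by a space.
        one_liner = line.count('{') >= 2 and line.count('{') == line.count('}')
        if '}{' in line or (IF_LINE.match(line)
                            and not (line.endswith('{') or one_liner)):
            findings.append((n, 'brace-placement'))
        # Variable names may contain only letters, digits and underscore.
        if HYPHEN_VAR.match(line):
            findings.append((n, 'variable-name'))
        # A header must be tested with "exists" before its value is read.
        guarded.update(h.lower() for h in HEADER_GUARD.findall(line))
        for header in HEADER_READ.findall(line):
            if header.lower() not in guarded:
                findings.append((n, 'unguarded-header'))
        # Collected payloads can only be rewritten if servers send them uncompressed.
        if 'HTTP::collect' in line and not strips_encoding:
            findings.append((n, 'compressed-response'))
    return findings
```

Calling `lint_aflex(SAMPLE_BAD)` reports one finding per mistake, keyed by line number, so it can run over script files before they are saved to the device.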
aFleX is a powerful and flexible scripting language that you can use to manage your traffic and provide enhanced benefits and services. It’s built into the Thunder® Application Delivery Controller (ADC), a high-performance load balancing solution that enables your applications to be highly secure, available, and accelerated.