Symptoms
ACCESS::restrict_irule_events is enabled by default. But if you add the VDI profile to the virtual server, it changes this default behavior and disables this flag. Due to this, you will start seeing that iRule events are raised for internal APM requests as well.
When this is happening, the system posts the following error signatures in /var/log/ltm:
err tmm[20661]: 01220001:3: TCL error: /Common/stream_vdi_debug <HTTP_RESPONSE> - Operation not supported (line 15)
invoked from within STREAM::expression "@$matchstring@$replacestring@" ".
err tmm[19745]: 01220001:3: TCL error: /Common/stream_vdi <HTTP_REQUEST> - Operation not supported (line 1)
invoked from within "STREAM::disable".
Impact
iRule implementation may not work as expected. For example: attaching the OFBA iRule (_sys_APM_MS_Office_OFBA_Support) to the virtual server which has VDI profile breaks OFBA functionality.
Conditions
Virtual server with VDI profile attached. And any iRule implementation written with the assumption that restrict_irule_events are enabled by default.
Workaround
Enable the ACCESS::restrict_irule_events flag manually using syntax similar to the following:
when CLIENT_ACCEPTED {
ACCESS::restrict_irule_events enable
}
Note: This impacts Citrix Wyse client RSA next-token change scenario.
