Alex_Suslik_102
Sep 19, 2006

check client SSL encryption level support

Client targeting https://strong.test.com

This code should redirect to a pool "client_info" only if the browser does not support 128- or 256-bit encryption, but it always redirects to this pool (even when the browser does support the required encryption). Where is the problem?

when HTTP_REQUEST {
  set cipher [HTTP::header "SSLClientCipher"]
  if { ($cipher eq "bits=128") || ($cipher eq "bits=256") } {
    pool strong.test.com
  } else {
    pool client_info
  }
}

  • Deb_Allen_18
    Historic F5 Account
    Hi Alex -

    I'd recommend adding some logging to your rule that reveals the variables your condition uses at the time the evaluation is made:
    when HTTP_REQUEST {
      set cipher [HTTP::header "SSLClientCipher"]
      log local0. "cipher = $cipher"
      if { ($cipher eq "bits=128") || ($cipher eq "bits=256") } {
        # ... pool selection as in the original rule
    I think you'll find that the value returned doesn't /equal/ either value, so the condition fails. You might try the "contains" operator instead if you see the string "bits=xxx" in the returned value:
    when HTTP_REQUEST {
      set cipher [HTTP::header "SSLClientCipher"]
      if { ($cipher contains "bits=128") || ($cipher contains "bits=256") } {
        # ... pool selection as in the original rule
    However, there is actually a specific command to find the cipher bits, so I think this rule would accomplish your goal:
    when HTTP_REQUEST {
      # SSL::cipher bits returns the key size negotiated on the client-side connection
      if { [SSL::cipher bits] >= 128 } {
        pool strong.test.com
      } else {
        pool client_info
      }
    }

    HTH

    /deb
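
Routing on the negotiated cipher instead of a request header, as an added example that is not part of the original thread. A request header is client-supplied input, so this version discards any inbound copy before making the decision. The pool names and the SSLClientCipher header come from the thread; the X-Client-Cipher-Bits header name is an assumption, and the virtual server is assumed to have a Client SSL profile attached.

```tcl
when HTTP_REQUEST {
    # Request headers arrive from the client and can carry any value, so a
    # cipher-strength claim in a header must not drive the pool decision or
    # reach the backend. Remove inbound copies of both header names.
    HTTP::header remove "SSLClientCipher"
    HTTP::header remove "X-Client-Cipher-Bits"   ;# assumed header name

    # Ask the TLS layer what was actually negotiated on this connection.
    set bits [SSL::cipher bits]
    set name [SSL::cipher name]
    set vers [SSL::cipher version]

    if { $bits >= 128 } {
        # Pass the verified value to the backend for its own logging.
        HTTP::header insert "X-Client-Cipher-Bits" $bits
        pool strong.test.com
    } else {
        # Record weak negotiations so they can be reviewed or alerted on.
        log local0. "weak cipher from [IP::client_addr]: $name $vers bits=$bits"
        pool client_info
    }
}
```

The log line gives operations a per-client record of which cipher and protocol version led to the client_info pool, which helps when deciding whether weak suites can be removed from the profile.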