Forum Discussion
GavinW_29074
Nimbostratus
Jan 03, 2012CLIENTSSL_HANDSHAKE without Client SSL profile???
Hi there,
I'm trying to set-up a generic ProxyPass rule to support both HTTP and HTTPS connections...
Currently, I've added the following line to the 'CLIENT_ACCEPTED' section:
set proto "http"
I've then added the following code block:
when CLIENTSSL_HANDSHAKE {
There was a client side SSL handshake, so update the variable
set proto "https"
}
I then use this to do a redirect further down:
Perform the default redirect.
HTTP::redirect "$proto://[HTTP::host]$rurl"
However when trying to apply this rule to a Virtual without a Client SSL Profile, I get the following error:
CLIENTSSL_HANDSHAKE event in rule (/Common/ProxyPass) requires an associated CLIENTSSL profile on the virtual server
Is there any way around this?
What alternatives have I got to reliably check the connection protocol?
Cheers
Gavin
- hoolio
Cirrostratus
Hi Gavin, - GavinW_29074
Nimbostratus
Hoolio - hoolio
Cirrostratus
Can you try this snippet to get the protocol for HTTP and HTTPS virtuals?when HTTP_REQUEST { Hide the SSL:: command from the iRule parser so the iRule can be used on a non-client SSL VS set cipher_cmd "SSL::cipher version" Check if the client used an SSL cipher and it's not "none" if {not ([catch {eval $cipher_cmd} result]) && $result ne "none"}{ Client did use a cipher set proto "https" } else { Client did not use a cipher set proto "http" } }
- GavinW_29074
Nimbostratus
Aaron
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects