For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

gdoyle's avatar
gdoyle
Icon for Cirrostratus rankCirrostratus
May 19, 2016

Custom Response Upon Denial with iRule.

We created an irule which denies a user access if they are not using TLS 1.1 or greater (so TLS1.0 or no TLS). We would like a custom message, and although it is in the iRule, that is not the message...
BIG-IP
irule
security
cjunior's avatar
cjunior
Icon for Nacreous rankNacreous
May 19, 2016

Hi,

I understood that you need to send a response in L7.

In my humble opinion, you did a good job.

So, if you aren't receiving the message, your connection may be being dropped before being established.

Could you check your ciphers in SSL client profile?

Anyway, let me do it a little diferent. Respectfully, 
when HTTP_REQUEST {
    if { not ([SSL::cipher version] starts_with "TLSv1.") } {
        HTTP::respond 200 content {
            Maintenance page
             **********CUSTOM DENIAL MESSAGE HERE.**********
             } Content-Type text/html Connection close
    }
}