Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

gdoyle's avatar
gdoyle
Icon for Cirrostratus rankCirrostratus
May 19, 2016

Custom Response Upon Denial with iRule.

We created an irule which denies a user access if they are not using TLS 1.1 or greater (so TLS1.0 or no TLS). We would like a custom message, and although it is in the iRule, that is not the message...
big-ip
irule
security
cjunior's avatar
cjunior
Icon for Nacreous rankNacreous
May 19, 2016

Hi,

I understood that you need to send a response in L7.

In my humble opinion, you did a good job.

So, if you aren't receiving the message, your connection may be being dropped before being established.

Could you check your ciphers in SSL client profile?

Anyway, let me do it a little diferent. Respectfully, 
when HTTP_REQUEST {
    if { not ([SSL::cipher version] starts_with "TLSv1.") } {
        HTTP::respond 200 content {
            Maintenance page
             **********CUSTOM DENIAL MESSAGE HERE.**********
             } Content-Type text/html Connection close
    }
}