For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

gdoyle's avatar
gdoyle
Icon for Cirrostratus rankCirrostratus
May 19, 2016

Custom Response Upon Denial with iRule.

We created an irule which denies a user access if they are not using TLS 1.1 or greater (so TLS1.0 or no TLS). We would like a custom message, and although it is in the iRule, that is not the message...
BIG-IP
irule
security
Yann_Desmarest's avatar
Yann_Desmarest
Icon for Cirrus rankCirrus
May 23, 2016

Hi,

You can use one of the irules provided above and add TLS1.0 ciphers in the cipher list. For example, you can do the following in the cipher list of your client ssl profile :

DEFAULT:TLSv1

gdoyle's avatar
gdoyle
Icon for Cirrostratus rankCirrostratus
May 24, 2016
The TLSv1 in the cipher and using any of the irules that y'all were kind enough to provide above, I receive the same message. Firefox tells the testers that the website owner has configured the site improperly. IE says that in order to access the site they will have to enable TLS 1.0, 1.1, or 1.2. It is basically acting as if no irule exists at all and immediately being denied and receiving the default message from the browser. This is even with TLS1 allowed in the ciphers and the irule in place.. It is odd. I'm wondering now if there is just another way, via ifile or something else, to go about doing this check and redirecting them to a notification page? Thoughts?