For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

gdoyle's avatar
gdoyle
Icon for Cirrostratus rankCirrostratus
May 19, 2016

Custom Response Upon Denial with iRule.

We created an irule which denies a user access if they are not using TLS 1.1 or greater (so TLS1.0 or no TLS). We would like a custom message, and although it is in the iRule, that is not the message...
BIG-IP
irule
security
Yann_Desmarest_'s avatar
Yann_Desmarest_
Icon for Nacreous rankNacreous
May 24, 2016

Hi,

You can try this : 

when HTTP_REQUEST {
    if { not ([SSL::cipher version] starts_with "TLSv1.") } {
        HTTP::respond 200 content [ifile get message.html] noserver "Content-Type" "text/html" "Cache-Control" "no-cache, must-revalidate" Connection Close
    }
}
gdoyle's avatar
gdoyle
Icon for Cirrostratus rankCirrostratus
May 25, 2016
I tried what you suggested, but the connection does not get denied. Instead of goes right to the page as if TLS1.0 is allowed. This is supposed to happen, except it should be redirected to the custom message page. Is something missing from that rule that would redirect it to the ifile or that would fail to call the ifile?