For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

gdoyle's avatar
gdoyle
Icon for Cirrostratus rankCirrostratus
May 19, 2016

Custom Response Upon Denial with iRule.

We created an irule which denies a user access if they are not using TLS 1.1 or greater (so TLS1.0 or no TLS). We would like a custom message, and although it is in the iRule, that is not the message...
BIG-IP
irule
security
Yann_Desmarest_'s avatar
Yann_Desmarest_
Icon for Nacreous rankNacreous
May 24, 2016

Hi,

You can try this : 

when HTTP_REQUEST {
    if { not ([SSL::cipher version] starts_with "TLSv1.") } {
        HTTP::respond 200 content [ifile get message.html] noserver "Content-Type" "text/html" "Cache-Control" "no-cache, must-revalidate" Connection Close
    }
}
Yann_Desmarest_'s avatar
Yann_Desmarest_
Icon for Nacreous rankNacreous
May 25, 2016
Hi, the irule is correct. I validated it on my lab. I think that you negociate TLS1.1 or TLS1.2 instead of TLS1.0 for testing