Forum Discussion

Jason_Miller_41
Apr 03, 2006

Detecting if the connection is secure or not

Hi,

I'm trying to write an iRule that only runs if the connection was made through the SSL proxy.

Here is the rule set that is currently running:

if (http_uri starts_with "/SpecialPath") {
  use pool PoolB
}
else if (http_uri ends_with one of images) {
  use pool WWWImgPool
}
else {
  use pool WWWServers
}

I want the first rule to only run if the user has contacted the server via a secure connection. I'm not sure how to detect whether the connection was secure or not.

Thanks
  • Martin_Machacek
    Historic F5 Account
    Jason,

    BIG-IP does not allow a rule to detect that the current request has been delivered via a secure connection. The best way to achieve your goal is to use separate virtual servers for insecure connections and for secure connections via the SSL proxy. The 2 virtual servers can share pools or rules as necessary. Example configuration:

    
    virtual :80 {
      use rule insecure_conn
    }
    virtual 127.1.1.80:80 {
      use rule secure_conn
    }
    proxy :443 {
      target virtual 127.1.1.80:80
      clientssl enable
      ...
    }

    (replace with IP address)

    All insecure (HTTP) connections will be handled by the :80 virtual and all secure (HTTPS) connections by the proxy. The proxy will forward (decrypted) data to the 127.1.1.80:80 virtual. You can check for URIs requiring a secure connection in the insecure_conn rule and redirect them to the proxy using the statement:

    
    redirect to "https://%h/%u"
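
One way the two rules named in the answer could be written, as an added example that is not part of the original posts. It assumes the same rule syntax as the question, reuses its pool names and `images` class, and takes the rule names and redirect statement from the answer; the way the logic is split between the rules is an assumption, and the `#` lines are annotations for the reader.

```irule
# Added example: rule names are from the answer, pools and the "images"
# class are from the question. The split of logic is an assumption.

# Used by the plain-HTTP virtual. It never selects PoolB: requests for
# /SpecialPath are sent back to the client as a redirect to the SSL proxy.
rule insecure_conn {
  if (http_uri starts_with "/SpecialPath") {
    redirect to "https://%h/%u"
  }
  else if (http_uri ends_with one of images) {
    use pool WWWImgPool
  }
  else {
    use pool WWWServers
  }
}

# Used by the 127.1.1.80:80 virtual, the one the SSL proxy forwards
# decrypted traffic to. This is the only rule that references PoolB.
rule secure_conn {
  if (http_uri starts_with "/SpecialPath") {
    use pool PoolB
  }
  else if (http_uri ends_with one of images) {
    use pool WWWImgPool
  }
  else {
    use pool WWWServers
  }
}
```

Because only `secure_conn` references PoolB, the check "was this request delivered over SSL" is answered by which virtual server received it, not by anything inside the rule.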