Forum Discussion
Feb 15, 2006
Sure it's possible. The question is how many external IPs you are looking at. Is it a list of addresses, or subnets?
Here's how you could do it for a set of fixed addresses:
*** Begin Data Group ***
class valid_addresses {
   "10.10.10.10"
   "10.10.10.11"
   "10.10.10.12"
}
*** Begin iRule ***
when HTTP_REQUEST {
   if { [matchclass [IP::client_addr] equals $::valid_addresses] } {
      # check for at least 128 bits of encryption
      if { [SSL::cipher bits] < 128 } {
         # when browser cannot do at least 128 bits of encryption, redirect
         # to an unencrypted page with an informational error
         HTTP::redirect http://10.10.10.10/error/sslerr.html
      }
   }
}
This should at least get you started...
-Joe
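
For the subnet case the reply asks about, a variant using `IP::addr` with a netmask, with the weak-cipher hit logged so it can be reviewed later. This is an added example, not part of the original post; the two networks are constructed sample values, and the redirect URL is the one from the post.

```tcl
when HTTP_REQUEST {
   # Constructed sample networks; replace with the real external ranges.
   set client [IP::client_addr]
   if { [IP::addr $client equals 10.10.10.0/255.255.255.0] ||
        [IP::addr $client equals 172.16.0.0/255.255.0.0] } {
      # Enforce at least 128 bits of encryption for these clients only
      if { [SSL::cipher bits] < 128 } {
         # Record who negotiated the weak cipher and which one it was
         log local0. "weak cipher from $client: [SSL::cipher name] ([SSL::cipher bits] bits)"
         # Send the browser to the unencrypted informational error page
         HTTP::redirect http://10.10.10.10/error/sslerr.html
         return
      }
   }
}
```

The rule has to run on a virtual server with a client SSL profile, and that profile must still accept the weaker ciphers, otherwise the handshake fails before the redirect can be sent.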