Forum Discussion
Antonio_Varni
Nimbostratus
Nimbostratus'generic' detect SSL::mode irule
I swear I had this working a long time ago on 9.4.
I'm on 10.2 now and currently have a default irule that we use for all vips (http and https) as well as an additional irule we use for all https vips that simply does:
rule insertHeader_sslInfo {
when HTTP_REQUEST {
HTTP::header replace SSLMode "True"
}
so our back end apps know the connection between the client and load balancer is secure.
I want to fold this irule into our 'default' irule like:
when HTTP_REQUEST {
if { [SSL::mode] == 1 } {
HTTP::header replace SSLMode "True"
}
But I get the error when I try to apply this to HTTP vips:
" SSL::mode in rule (irule-default-test) requires an associated SERVERSSL or CLIENTSSL profile on the virtual server (example.com-http)."
Is there any other way I can accomplish this?
tia!
3 Replies
Philip_LNothing on this? I am trying the same thing and it looks like SSL::mode was removed in 10.- Philip_LFYI I came accross this instead.
when CLIENT_ACCEPTED {
set isSSL 0
if { [TCP::local_port] == 443 } {
set isSSL 1
}
}
I use that instead of SSL:mode. Hope that helps 
hoolioCirrostratus
I think SSL::mode still exists but the validation around it has been tightened:when HTTP_REQUEST { set ssl_mode_cmd "SSL::mode" if { [eval $ssl_mode_cmd] == 1 } { HTTP::header replace SSLMode "True" } else { HTTP::header remove SSLMode } }
Setting isSSL to 0 or 1 won't actually modify the request in any way. And checking the port won't stop someone from sending HTTP on port 443.
Aaron
