Forum Discussion

Nimbostratus

Aug 18, 2010

'generic' detect SSL::mode irule

I swear I had this working a long time ago on 9.4. I'm on 10.2 now and currently have a default irule that we use for all vips (http and https) as well as an additional irule we use for all https vip...

Cirrostratus

Sep 19, 2010

I think SSL::mode still exists but the validation around it has been tightened:


when HTTP_REQUEST {

   set ssl_mode_cmd "SSL::mode"
   if { [eval $ssl_mode_cmd] == 1 } {
      HTTP::header replace SSLMode "True"
   } else {
      HTTP::header remove SSLMode
   }
}

Setting isSSL to 0 or 1 won't actually modify the request in any way. And checking the port won't stop someone from sending HTTP on port 443.

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

'generic' detect SSL::mode irule

SSO Login Update Coming to DevCentral

Kevin - June 2026 Featured F5er

Tyler - May 2026 Featured Member

Recent Discussions

Clone/export/import API Protection Profile

UCS file migration on differing OS versions

simultaneous disabling / enabling of all LTM objects

F5 VE WAF FINE TUNING

Changes to DO and AS3 GitHub - no longer monitored

Related Content

LLM Prompt Injection Detection & Enforcement

SSL Orchestrator Advanced Use Cases: Detecting Generative AI

Generic iRule based on datagroup parsing

WS-Shield: WebSocket Abuse Detection & Adaptive Enforcement Gateway

F5 Distributed Cloud JA4 detection for enhanced performance and detection

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS