For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Antonio_Varni's avatar
Antonio_Varni
Icon for Nimbostratus rankNimbostratus
Aug 18, 2010

'generic' detect SSL::mode irule

I swear I had this working a long time ago on 9.4. I'm on 10.2 now and currently have a default irule that we use for all vips (http and https) as well as an additional irule we use for all https vip...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Sep 20, 2010
I think SSL::mode still exists but the validation around it has been tightened: 


when HTTP_REQUEST {

   set ssl_mode_cmd "SSL::mode"
   if { [eval $ssl_mode_cmd] == 1 } {
      HTTP::header replace SSLMode "True"
   } else {
      HTTP::header remove SSLMode
   }
}

Setting isSSL to 0 or 1 won't actually modify the request in any way. And checking the port won't stop someone from sending HTTP on port 443.

Aaron