For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Bob_Vance_75936's avatar
Bob_Vance_75936
Icon for Altostratus rankAltostratus
Apr 17, 2012

Global redirect

Hello,     We are looking to complete a maintenance that will essentially take all the virtuals down for a period of time. What we would like to be able to do is provide a redirect for all virt...
config
design
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Apr 17, 2012
Hi Bob,

 

 

I think you could set TM.ContinueMatching database variable to true, configure a 0.0.0.0:80 virtual server and 0.0.0.0:443 virtual server with the redirects. If you have a single SSL cert valid for all of the HTTPS hostnames you could apply that in a client SSL profile to the HTTPS virtual server. If you don't, you could still use a client SSL profile, but clients would get prompted to accept the mismatched certificate. With all the HTTP/HTTPS virtual servers disabled, TMM should match those requests to the wildcard virtual servers and you can send a redirect from those using an iRule or fallback host.

 

 

For details on the TM.ContinueMatching variable you can check this SOL:

 

 

sol8009: Change in Behavior: The bigpipe db TM.ContinueMatching variable is now set to false

 

https://support.f5.com/kb/en-us/solutions/public/8000/000/sol8009.html

 

 

I'd test this on a test unit or virtual edition to make sure the process works before trying it on a production unit.

 

 

Aaron