For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

2 Replies

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Dec 10, 2010
    Hi Dave,

     

     

    I suggest configuring a separate virtual server for HTTP and one for HTTPS. If you add a client SSL profile, you can redirect client requests to non-sub.domainname.com hosts using the same iRule as shown below. Or if you wanted to use separate iRules for HTTP and HTTPS, you could simplify the iRules and remove the CLIENT_ACCEPTED event and hard code the protocol to http:// or https://.

     

     

    
when CLIENT_ACCEPTED {

    Check  the client's destination port
   switch [TCP::local_port] {
      443 {
          Request is to an SSL port
         set proto "https"
      }
      default {
          Request is to a non-SSL port
         set proto "http"
      }
   }
}
when HTTP_REQUEST {

    Check if host isn't sub.domainname.com
   if {[string tolower [HTTP::host]] ne "sub.domainname.com"}{

       Redirect to the same protocol and URI to the correct hostname
      HTTP::redirect "${proto}://sub.domainname.com[HTTP::uri]"
   }
}

     

     

    Aaron
  • DaveC_21078's avatar
    DaveC_21078
    Icon for Altostratus rankAltostratus
    Dec 10, 2010
    Thanks. I'll give that a try. I would never have come up with this solution.