Forum Discussion
Sonny
Cirrus
CirrusHTTPS Redirects
Sorry if this has already been posted. I was trying to come up with an iRule that would redirect users who do NOT have TLS checked on their browsers to a specific page on the same server or a different server. Without TLS checked, the user will get a "page cannot be displayed". We don't want them to see this... instead we want them to make the necessary setting change. So this rule would key off the failed TLS connections. I know there's a lot of iRule pros out there so chime in... I just don't use it that much...
hoolioCirrostratus
Hi,
There is a Codeshare example which checks the cipher bit level and sends a redirect if it's below 128:
http://devcentral.f5.com/wiki/iRules.RedirectOnWeakEncryption.ashx
You could tweak that to get the cipher name or version:
http://devcentral.f5.com/wiki/iRules.ssl__cipher.ashx
Aaron
SonnyThanks Hoolio! This might work.- hoolioIf you end up using a variant of the current codeshare example, could you add it to that codeshare page?
Thanks,
Aaron - SonnyYeah, we used crafted it to this:
when HTTP_REQUEST {
if { [SSL::cipher version] == "TLSv1"} {
log local0. "client [IP::client_addr] ssl [SSL::cipher bits] version [SSL::cipher version]"
pool pool_name
} else {
Now use one of the destination commands
Either specify a pool
pool pool_tls_redirect
or to a specific node
node 10.10.10.10
or redirect to a specific URL
HTTP::redirect "http://some_address/sorry.html"
}
}