Forum Discussion
NimbostratusIrule Clubbing due to TCL errors.
Hi Guys,
Need help to combine these irules.
Codewhen HTTP_REQUEST { set http_uri [string tolower [HTTP::uri]] switch -glob ${http_uri} { "/ib/*" { } "/robots.txt" { } "/favicon.ico" { } "/rsabackchannel/hbibservice.svc" { if { [class match [IP::client_addr] equals FynSin_IPs] } { } else { HTTP::respond 301 noserver Location "; } } default { HTTP::respond 301 noserver Location "; } }
}
when HTTP_REQUEST { set version [SSL::cipher version] set cipher [SSL::cipher name] set oldsite [HTTP::host] set encode [b64encode $oldsite] Check for less than TLSv1.2. This prevents SSLv2, SSLv3, TLSv1, and TLSv1.1 (TLSv1.0 is returned as TLSv1 by [SSL::cipher version]). switch -glob $version { "TLSv1.2" { do nothting } default { When browser cannot negotiate at least TLSv1.1 redirect to a unencrypted page with an informational error. Set cache control headers to prevent proxies from caching the response. The cache control headers shouldn't be necessary for a 302, but it doesn't do any harm setting them. HTTP::respond 302 Location "http://y.y.y.y.com/?$encode" Cache-Control No-Cache Pragma No-Cache Connection Close
Log details of the SSL handshake and browser user-agent
Consider using High Speed Logging instead to improve performance: https://devcentral.f5.com/wiki/iRules.hsl.ashx
log local0. "[IP::client_addr]:[TCP::client_port]:\
\[SSL::cipher version\]: [SSL::cipher version],\
\[SSL::cipher name\]: [SSL::cipher name],\
\[SSL::cipher bits\]: [SSL::cipher bits],\
U-A: [HTTP::header User-Agent]"
}
}}
Cheers Steve
