Forum Discussion
JG
Jan 23, 2018Cumulonimbus
Here you are:
when HTTP_REQUEST {
set version [SSL::cipher version]
set cipher [SSL::cipher name]
set oldsite [HTTP::host]
set encode [b64encode $oldsite]
Check for less than TLSv1.2. This prevents SSLv2, SSLv3, TLSv1, and TLSv1.1 (TLSv1.0 is returned as TLSv1 by [SSL::cipher version]).
switch -glob $version {
"TLSv1.2" {
do nothing
}
default {
When browser cannot negotiate at least TLSv1.2
redirect to an unencrypted page with an informational error.
Set cache control headers to prevent proxies from caching the response.
The cache control headers shouldn't be necessary for a 302,
but it doesn't do any harm setting them.
HTTP::respond 302 Location "http://y.y.y.y.com/?$encode" Cache-Control No-Cache Pragma No-Cache Connection Close
Log details of the SSL handshake and browser user-agent
Consider using High Speed Logging instead to improve performance: https://devcentral.f5.com/wiki/iRules.hsl.ashx
log local0. "[IP::client_addr]:[TCP::client_port]:\
\[SSL::cipher version\]: [SSL::cipher version],\
\[SSL::cipher name\]: [SSL::cipher name],\
\[SSL::cipher bits\]: [SSL::cipher bits],\
U-A: [HTTP::header User-Agent]"
}
}
set http_uri [string tolower [HTTP::uri]]
switch -glob ${http_uri} {
"/ib/*" {
do nothing
}
"/robots.txt" {
do nothing
}
"/favicon.ico" {
do nothing
}
"/rsabackchannel/hbibservice.svc" {
if { [class match [IP::client_addr] equals FynSin_IPs] } {
do nothing
} else {
HTTP::respond 301 noserver Location "https://x.x.x.x.com"
return
}
"/sitecore*" } {
HTTP::respond 301 Location "https://[HTTP::host]" Connection Close
return
} default {
HTTP::respond 301 noserver Location "https://x.x.x.x.com";
}
}
}