Forum Discussion
NimbostratusIrule getting too many redirects
Hi, I am trying to make an Irule redirect to a URL if the tls version is 1 or 1.1, but I am getting too many redirects in the browser, I also try to insert a cookie so the redirect only appears one time. Here is the Irule:
when CLIENTSSL_HANDSHAKE {
log local0. "primer_if"
if { ([SSL::cipher version] eq "TLSv1" ) or
([SSL::cipher version] eq "TLSv1.2" ) } then {
log local0. "Cliente [IP::client_addr]:[TCP::client_port] usa [SSL::cipher version]"
set count 1
} else {
set count 0
}
}
when HTTP_REQUEST {
log local0. "[HTTP::uri]"
if { (not [HTTP::cookie exists NotificationDone]) and $count == 1 and !([HTTP::uri] starts_with "/Paginas/index.aspxpartners")} {
log local0. "tercer if"
HTTP::cookie insert name "NotificationDone" value "123"
HTTP::redirect https://[getfield [HTTP::host] ":" 1]/Paginas/index.aspxpartners
} else {
}
}
when HTTP_RESPONSE {
log local0. "cuarto if"
}
Doing the ts the HTTP_RESPONSE command did not get executed.
Thanks.
this is the irule log:
Fri May 4 11:10:38 CLST 2018 info lab2 tmm[14483] Rule /Common/dev_central_v7 : tercer if
Fri May 4 11:10:38 CLST 2018 info lab2 tmm[14483] Rule /Common/dev_central_v7 : /Paginas/index.aspx
Fri May 4 11:10:38 CLST 2018 info lab2 tmm[14483] Rule /Common/dev_central_v7 : tercer if
Fri May 4 11:10:38 CLST 2018 info lab2 tmm[14483] Rule /Common/dev_central_v7 : /Paginas/index.aspx
Fri May 4 11:10:38 CLST 2018 info lab2 tmm[14483] Rule /Common/dev_central_v7 : tercer if
Fri May 4 11:10:38 CLST 2018 info lab2 tmm[14483] Rule /Common/dev_central_v7 : /Paginas/index.aspx
Fri May 4 11:10:38 CLST 2018 info lab2 tmm[14483] Rule /Common/dev_central_v7 : tercer if
Fri May 4 11:10:38 CLST 2018 info lab2 tmm[14483] Rule /Common/dev_central_v7 : /Paginas/index.aspx
Fri May 4 11:10:38 CLST 2018 info lab2 tmm[14483] Rule /Common/dev_central_v7 : tercer if
Fri May 4 11:10:38 CLST 2018 info lab2 tmm[14483] Rule /Common/dev_central_v7 : /Paginas/index.aspx
Thanks.
Yann_DesmarestCirrus
Hi Sergio,
First, the cookie insert command will insert a cookie in the request not the response you built with HTTP::redirect.
Instead, You should switch to HTTP::respond and add the cookie as a header in this command. There is many examples on devcentral you can inspire yourself.
Then, HTTP_RESPONSE event is triggered for response received from backend. Response generated by F5 itself are not accessible through this event.
hope it helps
Yann
René_GeileHi,
some comments:
1) According to iRule wiki HTTP::cookie insert should work better in HTTP_RESPONSE. Have you checked in Browser Web Debugger if the cookie is reallly received by the browser and used in the next request?
2) You say you want to redirect TLS 1 and 1.1 but the iRule checks for 1 and 1.2, is this a typo?
Regards, René
Sergio000_19532Hi, I solved the problem this is the final Irule, I do the redirect with HTML code. thx to all.
when RULE_INIT { set static::notification_page { } } when CLIENTSSL_HANDSHAKE { Determinar si la version ssl es insegura if { ([SSL::cipher version] eq "TLSv1" ) or ([SSL::cipher version] eq "TLSv1.1" ) } then { log local0. "Cliente [IP::client_addr]:[TCP::client_port] usa [SSL::cipher version]" set count 1 } else { set count 0 } } when HTTP_REQUEST { if { (not [HTTP::cookie exists NotificationDone]) and $count == 1 } { HTTP::respond 200 content [subst $static::notification_page] Mime-Type "text/html" Set-Cookie "NotificationDone=1; path=/; domain=.[HTTP::host]" } }