For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

eduardo_26187's avatar
eduardo_26187
Icon for Nimbostratus rankNimbostratus
Mar 17, 2010

iRule multiple redirect/respond invocations not allowed

Hi all,     There is a rule which is sending these messages to the logs, although the rule it's redirecting correctly. Nevertheless I have reports that some people visit the web page with "...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Mar 18, 2010
If someone makes a request to http://vip:443 they could make an unencrypted HTTP request to an HTTPS VIP. But the port would always be 443.

If you want to gracefully handle HTTP requests to an HTTPS VIP, you can enable non-SSL connections on the client SSL profile and then use an iRule like this: 

 
  http://devcentral.f5.com/wiki/default.aspx/iRules/Redirect_non_ssl_requests_on_ssl_vs_rule.html 
  
 when HTTP_REQUEST {  
  
     Check if the client used an SSL cipher  
    if {not ([catch {SSL::cipher version} result]) && $result ne "none"}{  
  
        Client did use a cipher  
       log local0. "\$result: $result. Allowing encrypted request."  
  
       if {[HTTP::path] eq "/"}{ 
          HTTP::redirect "https://[getfield [HTTP::host] : 1]/Login.jsp" 
       } 
  
    } else {  
  
        Client did not use a cipher  
       log local0. "\$result: $result. Redirecting unencrypted request."  
       HTTP::redirect "https://[getfield [HTTP::host] : 1]/Login.jsp" 
    }  
 }

Aaron