Forum Discussion
hooleylist
Mar 18, 2010Cirrostratus
If someone makes a request to http://vip:443 they could make an unencrypted HTTP request to an HTTPS VIP. But the port would always be 443.
If you want to gracefully handle HTTP requests to an HTTPS VIP, you can enable non-SSL connections on the client SSL profile and then use an iRule like this:
http://devcentral.f5.com/wiki/default.aspx/iRules/Redirect_non_ssl_requests_on_ssl_vs_rule.html
when HTTP_REQUEST {
Check if the client used an SSL cipher
if {not ([catch {SSL::cipher version} result]) && $result ne "none"}{
Client did use a cipher
log local0. "\$result: $result. Allowing encrypted request."
if {[HTTP::path] eq "/"}{
HTTP::redirect "https://[getfield [HTTP::host] : 1]/Login.jsp"
}
} else {
Client did not use a cipher
log local0. "\$result: $result. Redirecting unencrypted request."
HTTP::redirect "https://[getfield [HTTP::host] : 1]/Login.jsp"
}
}
Aaron