Forum Discussion
iRule that drops only vpn connections
The following iRule sends only RST to clients that connect via vpn but all other users get 301 redirect then the connection close.
Running BIG-IP 10.2.3 Build 123.110 Engineering Hotfix HF1
when HTTP_REQUEST { if { [HTTP::method] eq "GET" or [HTTP::uri] starts_with "/cx/facebook/" } { set url https://[getfield [HTTP::host] ":" 1][HTTP::uri] HTTP::respond 301 noserver "Location" "$url" "Connection" "close" } else { HTTP::respond 405 content { SSL Required
you must use ssl to access this resource } noserver "Connection" "close" } }
- Michael_JenkinsCirrostratusCan you provide a little clarification for your questions? Are you saying this iRule does this, or are you looking for help making the iRule reject clients that come in via VPN?
- pwallace_110041Nimbostratus
The iRule currently rejects only VPN clients but don't want it to reject anyone but only redirect to https.
- pwallace_110041NimbostratusThe iRule currently rejects only VPN clients but don't want it to reject anyone but only redirect to https.
- Michael_JenkinsCirrostratus
If you change your iRule and remove the
from the responds, does it make a difference?noserver
when HTTP_REQUEST { if { [HTTP::method] eq "GET" or [HTTP::uri] starts_with "/cx/facebook/" } { set url "https://[getfield [HTTP::host] ":" 1][HTTP::uri]" HTTP::respond 301 "Location" "$url" "Connection" "close" } else { HTTP::respond 405 content { you must use ssl to access this resource } "Connection" "close" } }
- pwallace_110041Nimbostratus
We took out all iRules that followed this rule from the vip and that kept the VPN connections from being closed.
Still not sure why this would only affect vpn connections but we did get around this.
- Michael_JenkinsCirrostratusWere your other iRules doing any dropping or redirecting in addition to this one? Also, you could add "event all disable" after the HTTP::respond in this iRule and see if that helps resolve the issue after adding the other iRules back on?
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com