Forum Discussion
djkromarek
Nimbostratus
Aug 10, 2012iRule to pool causing http profile issues
I have the following iRule
when HTTP_REQUEST { if {[HTTP::uri] starts_with {/vovici/}} {pool survey} }
This iRule is on a VS that directs traffic through port 443. Only uri's with the /vovici path go to this specific pool. All other traffic goes to the default pool set on the VS. Since it is an http iRule, in order to use it on the Port 443 VS, I need to have an http profile set on the VS. The http profile is a basic http profile. The VS works and directs traffic to the correct pool. However, when running scans on the VS, it shows there is a vulnerability. If I do not use the iRule and take off the http profile from the VS on port 443, the scan shows no vulnerability. I do need to direct the traffic to this specific pool. Is there a way to do this so I can take off the http profile or is there a way to set the http profile so it will scan without a vulnerability? The first option is my preference.
Thanks,
Deni
- Brian_69413
Nimbostratus
The only way for the BIGIP to inspect the HTTP path is for it to be inspecting the HTTP, so you cannot remove the profile. What vulnerability? Maybe you can tweek the HTTP profile. - djkromarek
Nimbostratus
Is it possible to make the iRule force to SSL? Is there such a thing as https:Request? - Brian_69413
Nimbostratus
Sure.when HTTP_REQUEST { HTTP::redirect "https://[HTTP::host][HTTP::uri] }
- djkromarek
Nimbostratus
Thank you, I wasn't sure if our regular redirect to https iRule would do what I was hoping it will do. But what you posted is our regular iRule for https redirects, so I'll try it and see if it helps.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects