Forum Discussion

djkromarek's avatar
djkromarek
Icon for Nimbostratus rankNimbostratus
Aug 10, 2012

iRule to pool causing http profile issues

I have the following iRule

 

when HTTP_REQUEST { if {[HTTP::uri] starts_with {/vovici/}} {pool survey} }

 

 

This iRule is on a VS that directs traffic through port 443. Only uri's with the /vovici path go to this specific pool. All other traffic goes to the default pool set on the VS. Since it is an http iRule, in order to use it on the Port 443 VS, I need to have an http profile set on the VS. The http profile is a basic http profile. The VS works and directs traffic to the correct pool. However, when running scans on the VS, it shows there is a vulnerability. If I do not use the iRule and take off the http profile from the VS on port 443, the scan shows no vulnerability. I do need to direct the traffic to this specific pool. Is there a way to do this so I can take off the http profile or is there a way to set the http profile so it will scan without a vulnerability? The first option is my preference.

 

 

Thanks,

 

Deni
  • The only way for the BIGIP to inspect the HTTP path is for it to be inspecting the HTTP, so you cannot remove the profile. What vulnerability? Maybe you can tweek the HTTP profile.
  • Is it possible to make the iRule force to SSL? Is there such a thing as https:Request?
  • Sure.

    
    when HTTP_REQUEST {
        HTTP::redirect "https://[HTTP::host][HTTP::uri]
    }
    
  • Thank you, I wasn't sure if our regular redirect to https iRule would do what I was hoping it will do. But what you posted is our regular iRule for https redirects, so I'll try it and see if it helps.