For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

dlogsdonmd's avatar
dlogsdonmd
Icon for Nimbostratus rankNimbostratus
Aug 03, 2017

Need iRule to Redirect TLS 1.0 Traffic to Maintenance Page

Hello,

 

We will be disabling TLS1.0 on our SSL client profiles in the cipher section using: "DEFAULT:!SSLv3:!RC4:!TLSV1"

 

We do still see traffic coming in though so want to create an irule to redirect that traffic to a maintenance page that will provide links to sites that will tell them how to adjust their browser settings.

 

I'm looking for someone to help me write that rule as I don't know how to start.

 

Thanks in advance!

 

Diane

 

application delivery
iRules
LTM

2 Replies

  • Jad_Tabbara__J1's avatar
    Jad_Tabbara__J1
    Icon for Cirrostratus rankCirrostratus
    Aug 03, 2017

    Hello,

    Try the following irule 

    when HTTP_REQUEST {
    if { [SSL::cipher version] eq "TLSv1" } {

        HTTP::respond 200 content {
          
             
                Apology Page
             
                
                    We are sorry, but the site you are looking for is temporarily out of service
                    If you feel you have reached this page in error, please try again.
                
          
        }
    } else {
      log local0. "SSL Protocol version  [SSL::cipher version]"
    }
}

    Hope it helps

    Regards

  • Jad_Tabbara__J1's avatar
    Jad_Tabbara__J1
    Icon for Cirrostratus rankCirrostratus
    Aug 04, 2017

    Please use the following irule (copy it as it is 😄

    when HTTP_REQUEST {
    if { [SSL::cipher version] eq "TLSv1" } {
       HTTP::respond 200 content [ifile get "/Common/NoTLSv10_iFile.html"] noserver "Content-Type" "text/html" "Cache-Control" "no-cache, must-revalidate" "Connection" "Close"
    } else {
      log local0. "SSL Protocol version  [SSL::cipher version]"
    }
}