Forum Discussion
Martin_Kaiser_1
May 18, 2011Nimbostratus
Redirect http client to https on same non-default port
Hi guys,
I have a customer request of which I'm unsure whether it can be done at all or not:
I have a virtual https server on a BigIP running 10.2.0HF2. The virtual server is not r...
Martin_Kaiser_1
May 24, 2011Nimbostratus
Hi.
even trying to only create those log entries gives me some TCL errors when trying to access VS through plain http:
rule ssl_redirect_sameport {
when HTTP_REQUEST {
this is useless without "accept non-SSL connections" option in clientssl profile!
log local0. "[IP::client_addr]:[TCP::client_port]: cipher name: [SSL::cipher name], version: [SSL::cipher version], bits: [SSL::cipher bits]"
if { not ( [SSL::cipher version] contains "SSL" ) } {
HTTP::redirect https://[HTTP::host]:[TCP::local_port][HTTP::uri]
}
}
May 24 12:29:55 tmm3 tmm3[29219]: 01220001:3: TCL error: ssl_redirect_sameport - Error: SSL hudfilter not reached or not in chain (line 1) invoked from within "SSL::cipher name"
https access works properly, doesn't throw any errors and by the way: yes, you're right the cipher version contains TLS instead of SSL:
May 24 12:40:26 tmm6 tmm6[29222]: Rule ssl_redirect_sameport : a.b.c.d:4612: cipher name: RC4-SHA, version: TLSv1, bits: 128
When writing the iRule with the following if-clause, it works perfectly:
if {not ([catch {SSL::cipher version} result]) && $result ne "none"}
After looking up the catch TCL command with respect to those experienced errors, now I truly understand its purpose üôÇ
many thanks for the lesson!
Martin
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects