foohoo_219332
Aug 27, 2015

Redirect when a specific error is encountered

Hi Guys,

 

First let me apologise, I'm pretty new to this type of thing and coming from a software development background!

 

I have a situation where, due to security, we are only able to allow access to our website when the user is able to use TLS 1.2 (or above). We are now finding that there are users using old browsers that don't have the ability to use TLS 1.2 and therefore not able to connect to the website.

 

I have 2 web servers behind the load balancer and I am led to believe that I might be able to add a rule at the load balancer level which will either detect the error we encounter when a user tries to connect with an incompatible browser or detect the browser (and version) itself and redirect to a page which we can then offer more explanation as to what they can do.

 

Is this possible? And what should I be looking at to accomplish this?

 

Many thanks for your help and sorry about the very vague explanation!

 

2 Replies

  • So just to clarify, you don't simply want to kill any non-TLS1.2 clients, but rather send them all to an error page?

     

  • That's pretty straightforward:

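    when HTTP_REQUEST {
        # SSL::cipher version returns the protocol negotiated for this connection
        if { not ( [SSL::cipher version] eq "TLSv1.2" ) } {
            # Answer directly from the BIG-IP instead of passing the request to the pool
            HTTP::respond 200 content "You need to use TLSv1.2"
        }
    }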
    

    You can put anything you want in that HTTP::respond message, including pure HTML syntax. You also of course need to allow the lower ciphers (within reason).
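
A fuller variant of the rule in the reply above, as an added example that is not part of the thread: it lets TLS 1.2 and newer through, serves an HTML help page to everything else, and logs each legacy client so the remaining volume can be measured. The HTML text, the log message and the `tls_version` variable are placeholders chosen here, and the `"TLSv1.3"` string is an assumption about how newer BIG-IP releases report TLS 1.3.

```tcl
# Added example, not from the thread. As the reply notes, the client SSL
# profile must still accept the older protocol versions, otherwise old
# browsers fail the handshake and never reach this rule.
when HTTP_REQUEST {
    # Protocol version negotiated for this connection, e.g. "TLSv1.2".
    set tls_version [SSL::cipher version]

    switch -- $tls_version {
        "TLSv1.2" -
        "TLSv1.3" {
            # Modern client: do nothing, the request goes on to the pool.
            # "TLSv1.3" is an assumed value for releases that support TLS 1.3.
        }
        default {
            # Record the legacy client so the number of affected users is visible.
            log local0.info "legacy TLS client [IP::client_addr] negotiated $tls_version"

            # Answer from the BIG-IP itself; the request never reaches the
            # web servers. Braces keep the HTML literal (no substitution).
            HTTP::respond 200 content {
<html>
  <head><title>Browser update required</title></head>
  <body>
    <h1>Your browser cannot connect securely</h1>
    <p>This site requires TLS 1.2 or later. Please update your browser
       or enable TLS 1.2 in its security settings.</p>
  </body>
</html>
            } "Content-Type" "text/html" "Cache-Control" "no-store" "Connection" "close"
        }
    }
}
```

Keeping the list of versions the profile accepts as short as the user base allows limits how much weak protocol support is exposed just to deliver this page.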