For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

andyr0ck_5031's avatar
andyr0ck_5031
Icon for Nimbostratus rankNimbostratus
Jun 13, 2008

Selective SSL rewrite by hostname

Hi,     I'm running a Blackboard e-learning system with SSL offload using a simple rewrite rule to only encrypt text/html (due to problems with binary formats) and I need to also exclude an...
application delivery
dev
devops
iRules
andyr0ck_5031's avatar
andyr0ck_5031
Icon for Nimbostratus rankNimbostratus
Jul 08, 2008
Thanks, Aaron. Yes, it's the client IP we're after. The problem wasn't with this rule, it was with a 'catch-all' rule we had listening on the insecure port to redirect all traffic to the SSL port. Turnitin seems to require to connect on 80 then renegotiate to 443. I hashed together this out of your code:

 

 

when HTTP_REQUEST {

 

 

Remove the Pragma header

 

HTTP::header remove "Pragma"

 

 

if { ([IP::addr [IP::client_addr] equals 208.57.158.0/255.255.255.0]) } {

 

 

} else { HTTP::redirect https://[HTTP::host][HTTP::uri]

 

 

}

 

 

}

 

 

cheers,

 

Andy