Cindy_127211
Nimbostratus
Feb 13, 2006
SSL Redirect Rule results in unlimited GETS occurring
I am using the following redirect rule to detect SSL certificate version and number of encryption bits. The match seems to work as expected; however, the results are not at all what I would expect. I can see in the HTTP log and via a tcpdump that instead of one GET to the page, the same 'GET' occurs an unlimited number of times (and doesn't stop until I close the browser). Following is the rule that I am using:
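rule SSLV2_Encrypt_ACS_sbox {
   when HTTP_REQUEST {
      # Pass the negotiated cipher details to the server as request headers
      HTTP::header insert "Custom" "amc:443"
      HTTP::header insert "CipherVersion" [SSL::cipher version]
      HTTP::header insert "CipherBits" [SSL::cipher bits]
      # Cipher version not in the CipherVersion class and more than 127 bits
      if { ![matchclass [SSL::cipher version] equals $::CipherVersion] and [SSL::cipher bits] > 127 } {
         use pool acs80sbox
      } elseif { [HTTP::uri] starts_with "/encryptcode/" } {
         # Requests for the notice pages themselves go to the pool
         pool acs80sbox
      } else {
         # Everything else is redirected to the encryption notice
         HTTP::redirect https://[HTTP::host]/encryptcode/encryption_notice.jsp
      }
   }
}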
For instance, if I enter the following command:
https://www.sbox.americancentury.com/login/LoginServlet
All I see in the HTTP logs is multiple 'GETS' to the LoginServlet page. What am I doing wrong here?
2 Replies
- Cindy_127211
Nimbostratus
I can see in the HTTP Logs that the 'Get' is responding with a 301 status code. This probably has something to do with the problem I'm experiencing, but I don't know what and what I should do about it.
10.173.40.211 - - [13/Feb/2006:12:15:54 -0600] "GET /login/LoginServlet HTTP/1.1" 301 271 "http://www.sbox.americancentury.com/index.jsp" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" "PERSID=19290df1%3A10956c58658%3A-8000; count=11; BIP=384806154.20480.0000; s_cc=true; s_sq=amcentmain%3D%2526pid%253Dhttp%25253A//www.sbox.americancentury.com/index.jsp%2526oid%253Dhttp%25253A//www.sbox.americancentury.com/images/log_in_bttn.gif%2526ot%253DIMAGE%2526oi%253D77" "-"
10.173.40.211 - - [13/Feb/2006:12:15:54 -0600] "GET /login/LoginServlet HTTP/1.1" 301 271 "http://www.sbox.americancentury.com/index.jsp" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" "PERSID=19290df1%3A10956c58658%3A-8000; count=11; BIP=384806154.20480.0000; s_cc=true; s_sq=amcentmain%3D%2526pid%253Dhttp%25253A//www.sbox.americancentury.com/index.jsp%2526oid%253Dhttp%25253A//www.sbox.americancentury.com/images/log_in_bttn.gif%2526ot%253DIMAGE%2526oi%253D77" "-"
10.173.40.211 - - [13/Feb/2006:12:15:55 -0600] "GET /login/LoginServlet HTTP/1.1" 301 271 "http://www.sbox.americancentury.com/index.jsp" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" "PERSID=19290df1%3A10956c58658%3A-8000; count=11; BIP=384806154.20480.0000; s_cc=true; s_sq=amcentmain%3D%2526pid%253Dhttp%25253A//www.sbox.americancentury.com/index.jsp%2526oid%253Dhttp%25253A//www.sbox.americancentury.com/images/log_in_bttn.gif%2526ot%253DIMAGE%2526oi%253D77" "-"
10.173.40.211 - - [13/Feb/2006:12:15:55 -0600] "GET /login/LoginServlet HTTP/1.1" 301 271 "http://www.sbox.americancentury.com/index.jsp" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)" "PERSID=19290df1%3A10956c58658%3A-8000; count=11; BIP=384806154.20480.0000; s_cc=true; s_sq=amcentmain%3D%2526pid%253Dhttp%25253A//www.sbox.americancentury.com/index.jsp%2526oid%253Dhttp%25253A//www.sbox.americancentury.com/images/log_in_bttn.gif%2526ot%253DIMAGE%2526oi%253D77" "-"
- unRuleY_95363
Historic F5 Account
Looks like you have a redirect loop. Could it be that your server is redirecting to /images/log_in_bttn.gif but then your iRule is redirecting back to /encryptcode/encryption_notice.jsp??
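The symptom in this thread, one client asking for the same URI and getting a redirect status every time, can be flagged straight from the access log. The following is an added example, not code from any poster in the thread; the sample lines are constructed in the log layout shown above, and the function name, thresholds and client addresses are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the same access-log layout as the thread's
# excerpt (referer, user agent and cookies shortened; addresses are placeholders).
SAMPLE_LOG = """\
192.0.2.10 - - [13/Feb/2006:12:15:54 -0600] "GET /login/LoginServlet HTTP/1.1" 301 271 "-" "MSIE 6.0"
192.0.2.10 - - [13/Feb/2006:12:15:54 -0600] "GET /login/LoginServlet HTTP/1.1" 301 271 "-" "MSIE 6.0"
192.0.2.10 - - [13/Feb/2006:12:15:55 -0600] "GET /login/LoginServlet HTTP/1.1" 301 271 "-" "MSIE 6.0"
192.0.2.10 - - [13/Feb/2006:12:15:55 -0600] "GET /login/LoginServlet HTTP/1.1" 301 271 "-" "MSIE 6.0"
192.0.2.22 - - [13/Feb/2006:12:15:56 -0600] "GET /index.jsp HTTP/1.1" 200 5120 "-" "MSIE 6.0"
192.0.2.22 - - [13/Feb/2006:12:16:40 -0600] "GET /old HTTP/1.1" 301 271 "-" "MSIE 6.0"
"""

LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)
REDIRECT_STATUSES = {"301", "302", "303", "307", "308"}

def find_redirect_loops(log_text, min_hits=3, window_seconds=5):
    """Return {(client, method, uri): hits} for requests answered with a
    redirect at least min_hits times, each within window_seconds of the last."""
    window = timedelta(seconds=window_seconds)
    streak = {}   # key -> (consecutive redirect count, time of last one)
    loops = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in this layout
        key = (m["client"], m["method"], m["uri"])
        if m["status"] not in REDIRECT_STATUSES:
            streak.pop(key, None)  # a non-redirect answer ends the streak
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        count, last = streak.get(key, (0, ts))
        count = count + 1 if ts - last <= window else 1
        streak[key] = (count, ts)
        if count >= min_hits:
            loops[key] = count
    return loops

if __name__ == "__main__":
    for (client, method, uri), hits in find_redirect_loops(SAMPLE_LOG).items():
        print(f"{client} {method} {uri}: {hits} consecutive redirects")
```

A hit only says that a loop exists for that client and URI; which hop issues the redirect still has to be read from the Location header in a capture.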
