server certificate
2 Topics

VIP with SSL certs and Simple URL Append iRule Help
Hi,

Wondering if anyone could help me. I'm a beginner when it comes to TCL scripting, so I'm hoping someone could shed some light on appending a link to an SSL URL using an iRule.

My issue...

VIP configured with SSL profile with both client and server-side encryption profiles (it's a company security policy requirement that client to F5 and F5 to web server communication be encrypted). np, works 100%. However, I need users who connect to (VIP) https://website.testdomain.com/ to be forwarded to https://website.testdomain.com/users/signon.html

I've created an iRule and added it to the SSL VIP using the following; however, it still does not append the URL. What am I missing?

    when HTTP_REQUEST {
        if { [HTTP::path] equals "/" } {
            HTTP::redirect "/users/signon.html"
        }
    }

Thanks in advance!

269 Views, 0 likes, 1 Comment

Connection terminates/closes with Server SSL Profile --> Server Authentication --> Server Certificate parameter set to require
I have one F5 LTM and one server in its pool. Connection is encrypted end-to-end. Client to F5 is 443. And F5 LTM to server is 443. F5, subsequently, has Client SSL Profile and Server SSL Profile enabled. For reference to Server SSL Profile, please see the Overview of the Server SSL profile article.

I observed that F5 LTM was not validating the server certificate. I can choose any server certificate on server-side, no problem. I ran a Wireshark trace on the server to confirm and observed, yes, F5 accepts the server certificate. Was able to confirm F5 is configured with default Server SSL Profile settings, which means Server Certificate parameter (under Server Authentication section) is set to Ignore, since that is the default.

(An aside to the main topic is why would Ignore be the default or even an option? Why wouldn't you want to close a security loophole, however low risk it must be? What is a legitimate purpose for ignoring server certificate validation, aside from things like dev work, testing, and troubleshooting?)

Set the Server Certificate to Require and website could not load. HTTP 500 error. Connection was terminated (reset/closed). From the Wireshark trace on the server side, it appears the SSL handshake completes but then the connection closes, e.g. [FIN, ACK]. Not precisely sure why this one configuration change causes the connection to terminate.

To my recollection, Authenticate Name is currently blank. Of course, if this problem can be solved, that parameter will be set to the server's FQDN.

I'd be most grateful for any help on what I may be missing or doing incorrectly. Thank you for your time.

376 Views, 0 likes, 1 Comment