Forum Discussion

Nimbostratus

Aug 18, 2010

'generic' detect SSL::mode irule

I swear I had this working a long time ago on 9.4. I'm on 10.2 now and currently have a default irule that we use for all vips (http and https) as well as an additional irule we use for all https vip...

Cirrostratus

Sep 20, 2010

I think SSL::mode still exists but the validation around it has been tightened:


when HTTP_REQUEST {

   set ssl_mode_cmd "SSL::mode"
   if { [eval $ssl_mode_cmd] == 1 } {
      HTTP::header replace SSLMode "True"
   } else {
      HTTP::header remove SSLMode
   }
}

Setting isSSL to 0 or 1 won't actually modify the request in any way. And checking the port won't stop someone from sending HTTP on port 443.

Aaron

Forum Discussion

'generic' detect SSL::mode irule

Recent Discussions

What is the meaning is 52% block in WAF

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Portal Access to HTTPS resources slow

How to Implement 2 Way SSL in F5 LTM

Related Content

SSL Orchestrator Advanced Use Cases: Detecting Generative AI

Integrating SSL Orchestrator with CheckPoint Firewall VM-Bridge Mode (L2)

SSL Orchestrator Advanced Use Case: One-Armed Mode

Implementing SSL Orchestrator - L2 Mode Deployment

Implementing SSL Orchestrator - L3 Mode Deployment