Forum Discussion

Sonny
May 09, 2008

HTTPS Redirects

Sorry if this has already been posted. I was trying to come up with an iRule that would redirect users who do NOT have TLS checked on their browsers to a specific page on the same server or a different server. Without TLS checked, the user will get a "page cannot be displayed". We don't want them to see this... instead we want them to make the necessary setting change. So this rule would key off the failed TLS connections. I know there's a lot of iRule pros out there so chime in... I just don't use it that much...

4 Replies

  • Hi,

    There is a Codeshare example which checks the cipher bit level and sends a redirect if it's below 128:

    http://devcentral.f5.com/wiki/iRules.RedirectOnWeakEncryption.ashx

    You could tweak that to get the cipher name or version:

    http://devcentral.f5.com/wiki/iRules.ssl__cipher.ashx

    Aaron

  • If you end up using a variant of the current codeshare example, could you add it to that codeshare page?

    Thanks,

    Aaron
  • Yeah, we crafted it to this:

    when HTTP_REQUEST {
        if { [SSL::cipher version] == "TLSv1" } {
            # Client negotiated TLS: log the connection and use the normal pool
            log local0. "client [IP::client_addr] ssl [SSL::cipher bits] version [SSL::cipher version]"
            pool pool_name
        } else {
            # Now use one of the destination commands (leave only one active)

            # Either specify a pool
            # pool pool_tls_redirect

            # or to a specific node
            # node 10.10.10.10

            # or redirect to a specific URL
            HTTP::redirect "http://some_address/sorry.html"
        }
    }
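
A variant of the rule above, added here as an example and not part of the thread: it matches any TLSv1.x version string by prefix instead of the exact value "TLSv1", and it avoids a redirect loop when the help page is served by the same virtual server. It assumes the client SSL profile still accepts the older protocol (otherwise the handshake fails before HTTP_REQUEST fires); `pool_name` comes from the post, and `/sorry.html` as a path on the same virtual server is an assumption.

```tcl
# Added example, not from the thread. pool_name and help_uri are placeholders.
when HTTP_REQUEST {
    # Assumed: the help page is a path on this same virtual server
    set help_uri "/sorry.html"
    set ver [SSL::cipher version]

    # Prefix match, so TLSv1.1 and later clients are not treated as non-TLS
    if { $ver starts_with "TLSv1" } {
        pool pool_name
        return
    }

    # Record who negotiated the older protocol, using the same fields as the post
    log local0. "non-TLS client [IP::client_addr] ssl [SSL::cipher bits] version $ver"

    if { [HTTP::path] equals $help_uri } {
        # Already requesting the help page: serve it instead of redirecting again
        pool pool_name
    } else {
        HTTP::redirect "https://[HTTP::host]$help_uri"
    }
}
```

If the help page lives on a different server, the `HTTP::path` check is unnecessary and the redirect target becomes that server's URL.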