Forum Discussion
Martin_Kaiser_1
May 24, 2011 · Nimbostratus
Hi.
Even trying to only create those log entries gives me some TCL errors when trying to access the VS through plain HTTP:
rule ssl_redirect_sameport {
    when HTTP_REQUEST {
        # this is useless without "accept non-SSL connections" option in clientssl profile!
        log local0. "[IP::client_addr]:[TCP::client_port]: cipher name: [SSL::cipher name], version: [SSL::cipher version], bits: [SSL::cipher bits]"
        if { not ( [SSL::cipher version] contains "SSL" ) } {
            HTTP::redirect https://[HTTP::host]:[TCP::local_port][HTTP::uri]
        }
    }
}
May 24 12:29:55 tmm3 tmm3[29219]: 01220001:3: TCL error: ssl_redirect_sameport - Error: SSL hudfilter not reached or not in chain (line 1) invoked from within "SSL::cipher name"
HTTPS access works properly and doesn't throw any errors. And by the way: yes, you're right, the cipher version contains TLS instead of SSL:
May 24 12:40:26 tmm6 tmm6[29222]: Rule ssl_redirect_sameport : a.b.c.d:4612: cipher name: RC4-SHA, version: TLSv1, bits: 128
When writing the iRule with the following if-clause, it works perfectly:
if {not ([catch {SSL::cipher version} result]) && $result ne "none"}
After looking up the catch TCL command with respect to those experienced errors, now I truly understand its purpose 🙂
Many thanks for the lesson!
Martin
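The catch guard from the post, placed in a complete same-port redirect rule. This is an added example, not part of the original post or the poster's final rule; it assumes the clientssl profile has "accept non-SSL connections" enabled, and stripping the port from the Host header is an addition of this example.

```tcl
when HTTP_REQUEST {
    # catch returns 0 when SSL::cipher succeeds and non-zero when it raises
    # "SSL hudfilter not reached or not in chain" on a plain HTTP connection.
    # The value (or the error text) is stored in $version either way.
    set is_tls 0
    if { [catch { SSL::cipher version } version] == 0 && $version ne "none" } {
        set is_tls 1
    }

    if { $is_tls } {
        # The other SSL::cipher calls are only safe on this branch,
        # so the cipher logging lives here and not at the top of the event.
        log local0. "[IP::client_addr]:[TCP::client_port]: cipher name: [SSL::cipher name], version: $version, bits: [SSL::cipher bits]"
    } else {
        # Plain HTTP arrived on the SSL port: send the client to HTTPS on
        # the same port. The Host header may already carry a port, so keep
        # only the host part before appending the local port.
        set host [getfield [HTTP::host] ":" 1]
        log local0. "[IP::client_addr]:[TCP::client_port]: plain HTTP on port [TCP::local_port], redirecting"
        HTTP::redirect "https://$host:[TCP::local_port][HTTP::uri]"
    }
}
```

The Host header is client-supplied, so where the virtual server has a fixed name, redirecting to that name instead of `$host` keeps the redirect target under your control.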