Forum Discussion
Durga_Dash_2124
Jun 02, 2008Nimbostratus
Yes i had finally reached there tinkering with the rules....Coz i realised the SSLCipher will not work when it is a request over port 80 with no SSLprofile..
This was my final rule..
----------------------------------
when HTTP_REQUEST {
If redirect_http_to_https is enabled and the request was made to an HTTP port, redirect the client to the same host/URI over HTTPS
if { ($::redirect_http_to_https == 1 or ([info exists redirect_http_to_https] && $redirect_http_to_https)) && \
([info exists vip_http_port] && $vip_http_port==1)}{
HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
if {$::debug}{log local0. "redirecting client [IP::client_addr] to https://[getfield [HTTP::host] \":\" 1][HTTP::uri]"}
}
if { [TCP::local_port] == 443 }{
HTTP::header insert SSLClientCipher [SSL::cipher name],\x20version=[SSL::cipher version],\x20bits=[SSL::cipher bits]
}
}
--------------
I just added a check for TCP::local_port before trying to insert the SSL cipher.
Now that i have finally got it working..I have one last question..
Are there any negatives in setting up my virtual servers this way with the single irule for both http and https requests? (like more cpucycles)....instead of the traditional two virtual servers one for 80 and one for 443?
..and thanks a lot guys for the responses and help.
Durga.