Forum Discussion

gjackson_32828's avatar
gjackson_32828
Icon for Nimbostratus rankNimbostratus
May 22, 2009

Qualys scan fails when using a irule to redirect...

Can anyone assist?

 

 

I am redirecting "exampledomain.com" to "www.exampledomain.com". To do this, I have a VIP configured for exampledomain.com and another for www.exampledomain.com.

 

 

exampledomain.com vip has an irule configured as a resource. The VIP is only open to tcp/80. The iRule redirects an HTTP request as follows:

 

 

when HTTP_REQUEST {

 

check for exampledomain.com

 

if { [HTTP::host] == "exampledomain.com" and [HTTP::uri] == "/" }{

 

when browser comes in with only exampledomain.com redirect

 

to a www.exampledomain.com

 

HTTP::redirect http://www.exampledomain.com

 

 

and everything works just fine, browser gets redirected, no problem.

 

 

now the issue...

 

 

Qualys is performing a scan of the IP address assigned to the "exampledomain.com" VIP (PCI compliance requirement...) and can't complete the scan at all. Their tools indicate "Web Server Stopped Responding".

 

 

Is anyone performing a similar redirect? Any insight as to what may/may not be happening during an external vulnerability scan that would lead to such an error and would prevent the scan from completing?

 

 

Any help would be welcome...!

 

 

Thank You.

 

Greg J
application delivery
dev
devops
iRules

1 Reply

Sort By
  • The_Bhattman's avatar
    The_Bhattman
    Icon for Nimbostratus rankNimbostratus
    May 22, 2009
    If Qualys is doing a scan based on IP then the web server must at least send something back assuming Qualys is looking for a particular response from the webserver. I am assuming that the .exampledomain.com vip really doesn't have a working pool of web servers behind it yes?