This is an old revision of this document!
Deny SSLv3 Using aFleX
- When a client attempts to connect to the VIP using SSLv3, deny it.
- Allow some clients to use SSLv3 when needed.
Requirement
- Service type: HTTPS or TCP/443 (see the limitation below)
- TCP/443 limitation: only reject is supported; the rule cannot respond with a redirect to a page.
Code
```tcl
when CLIENT_ACCEPTED {
    # Check the remote client IP (remote_addr usually means the client IP)
    if { [IP::addr [remote_addr] equals 8.8.8.0/24] } {
        set sslpass 1
    } else {
        set sslpass 0
    }
    TCP::collect
}

when CLIENT_DATA {
    # First byte: record type; next two bytes: record-layer version (big-endian)
    binary scan [TCP::payload] cS rtype sslver
    log "$sslpass . $sslver"
    # SSL 3.0 -> 768, TLS 1.0 -> 769, TLS 1.1 -> 770, TLS 1.2 -> 771
    # TCP/443 and HTTPS
    if { ( $sslpass == 0 ) && ( $sslver <= 768 ) } {
        reject
    }
    # HTTPS only. To redirect the traffic instead, use the following line.
    # if { ( $sslpass == 0 ) && ( $sslver <= 768 ) } { set red 1 }
}

#when HTTP_REQUEST {
#    if {$red == 1} {
#        HTTP::respond 302 Location "https://tw.gamania.com/" Cache-Control No-Cache Pragma No-Cache
#    }
#}
```
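An offline model of the version check above, added here as an example and not part of the original page. It reads the same two fields as `binary scan ... cS` from a constructed ClientHello prefix and also reads ClientHello.client_version, because RFC 5246 (Appendix E.1) lets a TLS client send {03,00} as the record-layer version while offering a higher version in the hello. The function names and sample bytes are assumptions of this example.

```python
import struct

def parse_hello(payload):
    """Return (record_type, record_version, client_version) for the first
    bytes of a connection; client_version is None when it cannot be read."""
    if len(payload) < 3:
        raise ValueError("need at least 3 bytes")
    # Same two fields the rule reads with `binary scan ... cS rtype sslver`.
    rtype, rec_ver = struct.unpack_from("!BH", payload, 0)
    client_ver = None
    # 5-byte record header + 4-byte handshake header (type 1 = ClientHello)
    # puts ClientHello.client_version at offset 9.
    if rtype == 22 and len(payload) >= 11 and payload[5] == 1:
        (client_ver,) = struct.unpack_from("!H", payload, 9)
    return rtype, rec_ver, client_ver

def rule_as_posted(payload, sslpass):
    """The page's decision: compare the record-layer version only."""
    _, rec_ver, _ = parse_hello(payload)
    return "reject" if sslpass == 0 and rec_ver <= 768 else "allow"

def rule_on_client_version(payload, sslpass):
    """Hypothetical variant: compare the version the client offers in the
    hello, falling back to the record-layer version when it is unreadable."""
    _, rec_ver, client_ver = parse_hello(payload)
    ver = rec_ver if client_ver is None else client_ver
    return "reject" if sslpass == 0 and ver <= 768 else "allow"

def sample_hello(rec_ver, client_ver):
    """Constructed ClientHello prefix (all-zero random, nothing after it)."""
    body = struct.pack("!H", client_ver) + bytes(32)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 22, rec_ver, len(handshake)) + handshake

if __name__ == "__main__":
    cases = {
        "SSLv3-only client": sample_hello(0x0300, 0x0300),
        "TLS 1.2, record 3.1": sample_hello(0x0301, 0x0303),
        "TLS 1.2, record 3.0": sample_hello(0x0300, 0x0303),
    }
    for name, data in cases.items():
        print(name, parse_hello(data),
              rule_as_posted(data, 0), rule_on_client_version(data, 0))
```

The third case is the one to watch in the rule's log output: a record-layer value of 768 from a client that is in fact offering TLS 1.2.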