Forum Discussion
Eddie_27920
Nimbostratus
Feb 17, 2009
Beginner Help with an HTTPS iRule
Hi all,
This is what I thought would work to look at the HTTPS request and use 2 different pools to send the traffic to. Everything I've looked at in DevCentral always has HTTP examples. Can I not look at the URL and make an iRule determination?
when HTTPS_REQUEST {
    if { [HTTPS::path] contains "chat.mesaaz.gov" } {
        pool chat.mesaaz.gov_pool
    } elseif { [HTTPS::path] contains "ocs.mesaaz.gov" } {
        pool ocs.mesaaz.gov_pool
    } else {
        pool default_gateway_pool
    }
}
Thanks,
Eddie
4 Replies
- The_Bhattman
Nimbostratus
Hi Eddie,
First, HTTPS_REQUEST and HTTPS::path don't exist (but we all wish they did 😉 ). Second, if you are passing HTTPS traffic through the load balancer instead of offloading the SSL traffic, then everything will be encrypted, except the hostname and port.
If you are offloading SSL traffic on the BIGIP then it's possible to use
when HTTP_REQUEST {
    # The site name is carried in the Host header, so test HTTP::host
    if { [HTTP::host] contains "chat.mesaaz.gov" } {
        pool chat.mesaaz.gov_pool
    } elseif { [HTTP::host] contains "ocs.mesaaz.gov" } {
        pool ocs.mesaaz.gov_pool
    } else {
        pool default_gateway_pool
    }
}
Because the assumption here is that Client to VIP is SSL and then VIP to load balanced node is HTTP.
Hope that helps
CB
- Eddie_27920
Nimbostratus
Hi thanks for your response but the back-end servers are HTTPS.
I wanted to just use one VIP for both pools but the websites are secure and the VIP/POOLS are all set up to be https only traffic.
So I'm hearing that this will not work with a secure website? Is that correct?
Thanks again,
Eddie
- The_Bhattman
Nimbostratus
Not in the manner you want to control it.
CB
- dennypayne
Employee
Posted By cmbhatt on 02/17/2009 7:14 AM
Because the assumption here is that Client to VIP is SSL and then VIP to load balanced node is HTTP.
This will also work if you re-encrypt on the back end, that is, use both a clientssl and a serverssl profile such that LTM is doing the decryption and can read the HTTP request and apply the rule. But the VIP back to the node *can* be SSL as well if you re-encrypt.
Denny
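
The re-encryption setup described in the last reply, as an added example that is not part of the original thread: an iRule for a virtual server that is assumed to have an http profile plus both a clientssl and a serverssl profile, so LTM decrypts, reads the HTTP request, and re-encrypts toward the HTTPS pool members. It selects the pool on the normalized Host header with an exact match; the pool names are the ones from the question, and the log line is an assumption added for troubleshooting.

```tcl
# Added example, not from the thread. Assumes the virtual server has an
# http profile plus clientssl and serverssl profiles attached, so this
# event fires on the decrypted request and the pool side is re-encrypted.
when HTTP_REQUEST {
    # Host may arrive as "Chat.MesaAZ.gov:443": drop the port, fold case.
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    # Exact match: a substring test would also accept a Host such as
    # "chat.mesaaz.gov.example.net".
    switch -- $host {
        "chat.mesaaz.gov" { pool chat.mesaaz.gov_pool }
        "ocs.mesaaz.gov"  { pool ocs.mesaaz.gov_pool }
        default {
            # Missing or unexpected Host header: log it and use the
            # default pool named in the question.
            log local0. "no host match for '$host' from [IP::client_addr]"
            pool default_gateway_pool
        }
    }
}
```

Without the clientssl profile the HTTP_REQUEST event never sees a decrypted request, and without the serverssl profile LTM would send plain HTTP to members that only accept HTTPS.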