F5 BIG-IP Virtual Edition v11.4.1 (Build 635.0) LTM on ESXi
Within an iRule, I know how to enable/disable SSL on a request to be routed :
pool pool-01
SSL::disable serverside
return
However, is it possible to accomplish same via a profile ?
EmployeeNot in a profile, but definitely in an LTM policy. In the general properties of a policy, select whatever data point you need in the Requires section, and forwarding (for the pool) and server-ssl (to disable server side SSL) in the Controls section. Then build your rules accordingly.
CumulonimbusAs Kevin first suggested, Local traffic policies allow to replace most of irules. there is a bug in the 11.4 version, but is corrected in 11.5.
You can start with the following workaround allowing to use Policies with a small irule doing which is impossible in policy. (iRule HTTP_REQUEST event occurs after Policy Request event)
There is a workaround allowing to use Local traffic policies to disable SSL server side: create the rule action
tcl variableadd the following irule and assign it to the VS:
when HTTP_REQUEST {
if {([info exists "ssldisable"]) && $ssldisable } {
SSL::disable serverside
}
}
When you will upgrade to 11.5, you only have to replace the
set variableserver-ssl disable