Forum Discussion
John_Godman_431
Nimbostratus
NimbostratusCan iRule enable/disable serverssl profile?
Hello,
I have an iRule (9.1) currently selecting pools based on URI. The virtual server is configured for both clientssl and serverssl profiles. Now I need to add another pool, also to be selected based on URI -- except that I can't enable SSL for these servers.
Since the serverssl profile is based on the virtual server, it wants it to be on for all pools. Is it possible to disable it for one pool using the iRule?
Thanks in advance for your help!!
John Godman
jgodman@gosps.com
4 Replies
Brian_Gupta_115
John_Godman_431Thanks very much for your reply! In the sample code you reference, I can't see where the serverssl profile is disabled. Is it the "set usessl 1" and "set usessl 0" statments? I thought these were just setting a variable, no?
However, I searched for "usessl" and saw it in another post along with the code:
when SERVER_CONNECTED {
if { $usessl == 0 } {
SSL::disable
}
}
Is that the "magic" code that disables SSL? I do need to keep SSL on for the connection to the clients -- I just need to disable it to the pool servers.
Thanks again, and sorry if this is a newbie question.
-John
jgodman@gosps.com- Brian_Gupta_115Good catch... I forgot to post that portion of my rule... I updated it..
Since serverssl is a property of the VIP, vs the pool, you need to write an iRule.
SSL:disable is the correct command. I use a variable because I am making the decision of which pool to use during the HTTP_REQUEST event, and am disabling the serverssl profile during the SERVER_CONNECTED event.
-Brian - John_Godman_431Great! I'll try it -- thank you very much!
-John
jgodman@gosps.com
