Forum Discussion
Dayton_Gray_103
Nimbostratus
NimbostratusCan one set an SSL Server Profile based on the pool member used?
I have a fairly convoluted scenario.
I am sending HTTP traffic to local web servers (using NAT) as well as to an internet facing address at another datacenter (using a SNAT pool). All addresses ar...
nitass
Employee
Employeeis this applicable?
[root@ve1023:Active] config b virtual bar list
virtual bar {
snat automap
pool foo
destination 172.28.65.152:https
ip protocol tcp
rules myrule
profiles {
clientssl {
clientside
}
http {}
serverssl {
serverside
}
tcp {}
}
}
[root@ve1023:Active] config b pool foo list
pool foo {
members {
200.200.200.101:http {}
200.200.200.102:https {}
}
}
[root@ve1023:Active] config b rule myrule list
rule myrule {
when LB_SELECTED {
if {[LB::server port] equals "80"}{
SSL::disable serverside
}
}
when HTTP_RESPONSE {
log local0. "[IP::client_addr]:[TCP::client_port] -> [IP::remote_addr]:[TCP::remote_port]"
}
}
[root@ve1023:Active] config curl -Ik https://172.28.65.152
HTTP/1.1 200 OK
Date: Wed, 16 Nov 2011 06:46:27 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 08 Nov 2011 12:26:29 GMT
ETag: "4183f1-30-47e02740"
Accept-Ranges: bytes
Content-Length: 48
Connection: close
Content-Type: text/html; charset=UTF-8
[root@ve1023:Active] config
Nov 15 22:46:36 local/tmm info tmm[4766]: Rule myrule : 172.28.65.150:50401 -> 200.200.200.102:443
[root@ve1023:Active] config curl -Ik https://172.28.65.152
HTTP/1.1 200 OK
Date: Wed, 16 Nov 2011 06:46:53 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
ETag: "4183e4-3e-9c564780"
Accept-Ranges: bytes
Content-Length: 62
Connection: close
Content-Type: text/html; charset=UTF-8
[root@ve1023:Active] config
Nov 15 22:46:39 local/tmm info tmm[4766]: Rule myrule : 172.28.65.150:50402 -> 200.200.200.101:80