Forum Discussion
Dayton_Gray_103
Nimbostratus
Nov 15, 2011
Can one set an SSL Server Profile based on the pool member used?
I have a fairly convoluted scenario.
I am sending HTTP traffic to local web servers (using NAT) as well as to an internet facing address at another datacenter (using a SNAT pool). All addresses ar...
Michael_Yates
Nimbostratus
Nov 16, 2011
Hi Dayton,
You stated: "I need to somehow set an SSL Server profile to re-encrypt if the pool member used is that of the other datacenter IP address. The HTTPS virtual server is only using a client SSL profile (unencrypt) currently."
I have done something similar, but what I was working on was encrypting traffic to a specific pool of servers on an HTTP Virtual Server, which is very similar to what you are doing because your configuration is SSL Offload.
First, you will need to assign the SSL Profile (Server) to something (either the default "serverssl" or the one that you want to use specifically for this traffic, either way, set it to something). It does not matter because you will be disabling the SSL Profile first thing anyway (so that the rest of the Virtual Server still acts as if it is SSL Offloaded).
Write the rest of your iRule routing to this special set of servers as normal, because later in your iRule (the SERVER_CONNECTED event) you will list the conditions to enable the SSL Profile, and at the same time you can choose the SSL Profile in the same event.
Try integrating the following:
```tcl
when CLIENT_ACCEPTED {
    # I want the Virtual Server to be SSL Offload unless it needs to be encrypted to the Server.
    SSL::disable serverside
}
when SERVER_CONNECTED {
    # The pool name is lower-cased before the comparison, so the quoted literal must be lower case too.
    if { [string tolower [LB::server pool]] eq "the.special.ssl.pool" } {
        SSL::enable serverside
    } else {
        # Insurance to make sure that if it is enabled anywhere else that it is disabled.
        SSL::disable serverside
    }
}
```
In the above code I triggered it on the Pool Name, but you can easily change this to [LB::server addr] and list the Server IP Address to trigger the SSL Profile Enable.
Hope this helps.