Forum Discussion
Matjaz_Lenarcic
Nimbostratus
NimbostratusChange SSL profile based on URI
Hi all, I have a big problem with my configuration. I have one VirtualServer with SSL Client profile and two backend server on two different pool with two different SSL server profile. I have d...
Paulius
MVP
MVPMatjaz_Lenarcic The following should work but you will most likely have to have a OneConnect profile associated to the Virtual Server in question with a /32 netmask for it to balance you to either path after one has been matched.
when CLIENT_ACCEPTED priority 500 {
set DEFAULT_POOL [LB::server pool]
}
when HTTP_REQUEST priority 500 {
set PATH [string tolower [HTTP::path]]
if { ${PATH} == "/app1"} {
pool POOL-pool1
SSL::profile SERVERSSL_profile1
} elseif { ${PATH} == "/app2"} {
pool POOL-pool2
SSL::profile SERVERSSL_profil2
} else {
pool $DEFAULT_POOL
}
}Personally I don't see any reason to have two different SSL Server Profiles unless you are performing an exact match to the server side SSL key and cert and instead I would use a generic SSL Server Profile and let the F5 act just like any other SSL client would when connecting to a site. If you configured what I mentioned then you only have to decide which pool to balance to rather than pool and specific SSL Server Profile.
Matjaz_LenarcicThank for the response, I know the solution with generic serverssl profile, but using generic serverssl I received secure connection failed and dont know why?
- zamroni777
Nacreous
what are the differences between the 2 ssl server profiles?
if they are just cipher list, then can use single ssl profile with cipher matching both pools.usually the ssl setup errors can be seen in tcpdump.
