Forum Discussion
Change SSL profile based on URI
Matjaz_Lenarcic The following should work but you will most likely have to have a OneConnect profile associated to the Virtual Server in question with a /32 netmask for it to balance you to either path after one has been matched.
when CLIENT_ACCEPTED priority 500 {
set DEFAULT_POOL [LB::server pool]
}
when HTTP_REQUEST priority 500 {
set PATH [string tolower [HTTP::path]]
if { ${PATH} == "/app1"} {
pool POOL-pool1
SSL::profile SERVERSSL_profile1
} elseif { ${PATH} == "/app2"} {
pool POOL-pool2
SSL::profile SERVERSSL_profil2
} else {
pool $DEFAULT_POOL
}
}
Personally I don't see any reason to have two different SSL Server Profiles unless you are performing an exact match to the server side SSL key and cert and instead I would use a generic SSL Server Profile and let the F5 act just like any other SSL client would when connecting to a site. If you configured what I mentioned then you only have to decide which pool to balance to rather than pool and specific SSL Server Profile.
- Matjaz_LenarcicMar 06, 2024Nimbostratus
Thank for the response, I know the solution with generic serverssl profile, but using generic serverssl I received secure connection failed and dont know why?
- zamroni777Mar 06, 2024Nacreous
what are the differences between the 2 ssl server profiles?
if they are just cipher list, then can use single ssl profile with cipher matching both pools.usually the ssl setup errors can be seen in tcpdump.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com