Forum Discussion
Command for HTTP header insertion to insert an SSL session ID
What is the command for HTTP header insertion to insert an SSL session ID as a header into an HTTP request for BIGIP 9.0
Our 9.0 manaula states, on Chapter 9 pg2:
You can also use an iRule to enable persistence for SSL-terminated requests, that is, requests that the LTM system terminates by performing decryption and re-encryption and by handling SSL certificate authentication.
In this type of iRule, you can use an HTTP header insertion iRule command to insert an SSL session ID as a header into an HTTP request.
Would this work:
rule uri_persist {
when HTTP_REQUEST {
set srvid [findstr [URI::query [HTTP::uri]] "srvid=" 6 ";"]
if { $srvid ne "" } {
persist uie $srvid
}
}
}
- Ok, you seem to be asking several things here:
So, for your first question. Yes, you can enable persistence for SSL requests. It actually does not matter whether the SSL is terminated and/or re-encrypted. SSL session id persistence can work as long as a SSL sessionid is present on the clientside. To enable this type of persistence you need to add a persist profile of type ssl to the virtual server (you can then additionally use an iRule to select between persistence types and/or disable the persistence).
Second, if you would like to insert an HTTP header with the ssl session id, you can either use the header insert profile option in the http profile like so:profile http my_http { header insert "SSLClientSessionID: [SSL::sessionid]" }
or using a rule:rule insert_ssl_session_id { when HTTP_REQUEST { HTTP::header insert [SSL::modssl_sessionid_headers] } }
And lastly, if you are trying to persist based on the srvid query string, then yes, that iRule looks good. - Thanks, this answers everything
