Forum Discussion
Joanna_41630
Nimbostratus
NimbostratusCreating iRule for to select ssl profile to use.
Hello, I have a situation where I have one virtual server listening on port 443, depending on the URI the vs will send it to one of two pools. The site abc.com/xyz will be sent to xyz_pool which listens on port 443, site abc.com will be sent to abc_pool which listens on port 8177 which is a mixture of clear text and ssl. I have a certificate for abc.com and have applied it to a client ssl profile, when applied to the vs abc.com works fine, but not abc.com/xyz. If I apply the default server ssl profile to the vs, it will work but not the original abc.com. I've tried writing an iRule, that goes like this:
when HTTP_REQUEST {
if { [HTTP::uri] starts_with "/xyz" || "/lmn"}{
SSL::disable clientside
pool researchportal_https_pool
} else {
SSL::disable serverside
pool rush_https_pool
}
}
starting out I have both ssl profile clien and server applied. This is working too well for me, am I missing something? Has anyone done something like this? Any help will be greatly appreciated.
Thank you!
1 Reply
hoolioCirrostratus
Can you elaborate on why you're trying to disable SSL on the clientside? The SSL handshake would have already been completed by the time you parse the URI and run SSL::disable clientside. When you say port 8177 is a mixture of HTTP and HTTPS, are you saying the server will accept SSL and cleartext requests? That would be a bit atypical.
Also, to check for two URI's, you can use 'if {[HTTP::uri starts_with "/xyz"] or [HTTP::uri] starts_with "/lmn"]}' or for more efficiency, you could use switch:when HTTP_REQUEST { Check requested URI switch -glob [HTTP::uri] { "/xyz*" - "/lmn*" { URI started with /xyz or /lmn } default { URI didn't start with /xyz or /lmn } } }
Aaron
