Forum Discussion

Landono
Jan 20, 2014

Disabling SSL based on URI

Currently we have a virtual server that handles SSL traffic and sends it to a pool of webservers over port 443. While ideally we would terminate SSL on the F5 and just send HTTP traffic to the servers, our current application doesn't handle this well, so we're working towards that.

In the meantime, I'm working on an iRule that sends requests to a different server pool, depending on the contents of the uri. The current iRule is as follows:

when HTTP_REQUEST {
        if { [HTTP::path] starts_with "/keyword" } {
                pool pool_keyword.foo.bar.net_http
        } 
}

When this rule is applied to a virtual server that uses only HTTP, this works fine. However, the virtual server for HTTPS obviously has issues, as it tries to apply the SSL profile to the traffic going in between the F5 and the webservers. This doesn't work, as the webservers for this specific application cannot run over SSL. Is there a way to disable the SSL profile for requests that match this iRule?

1 Reply

  • Hi Landono,

    You can make use of the "SSL::disable serverside" command. Be sure to specify this command before the pool command, as shown below:

    when HTTP_REQUEST {
            if { [HTTP::path] starts_with "/keyword" } {
                    SSL::disable serverside
                    pool pool_keyword.foo.bar.net_http
            } 
    }
    

    You can get more information on this command here: https://devcentral.f5.com/wiki/iRules.ssl__disable.ashx
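
An added example, not part of the original thread: a variant of the rule above that sets the server-side SSL state explicitly on every request instead of only in the matching branch. It assumes client connections are kept alive and can carry requests for both kinds of path, and that the virtual server's default pool is the HTTPS pool; the variable name `default_pool` is hypothetical.

```tcl
when CLIENT_ACCEPTED {
    # Capture the virtual server's default pool once per client connection.
    # Assumption: this default pool is the HTTPS (port 443) pool.
    set default_pool [LB::server pool]
}

when HTTP_REQUEST {
    if { [HTTP::path] starts_with "/keyword" } {
        # The server-side leg to this pool is plain HTTP, so traffic between
        # the BIG-IP and these web servers is not encrypted.
        SSL::disable serverside
        pool pool_keyword.foo.bar.net_http
    } else {
        # Later requests on the same client connection may be for other paths:
        # turn server-side SSL back on and select the HTTPS pool explicitly.
        SSL::enable serverside
        pool $default_pool
    }
}
```

Because requests to `/keyword` leave the BIG-IP unencrypted, the network segment between it and `pool_keyword.foo.bar.net_http` should be treated as carrying cleartext application data.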