For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Rajendra_129865's avatar
Rajendra_129865
Icon for Nimbostratus rankNimbostratus
May 28, 2014

Enable and Apply Server SSL Profile through iRule

Hi All,

 

We have configured an HTTPS VIP on F5 LTM. This VIP serves access for multiple URIs/connections. Now we have received a request to transfer the connection to HTTPS pool. Here application team has configured servers with SSL certificate and HTTPS service. But the site is not accessible.

 

VIP details are listed below. Kindly advise how I can enable Server SSL profile.

 

virtual vs.LB_VIP_https { snat automap pool default_pool destination LB_VIP:https ip protocol tcp rules rule_switchconnection persist cookie profiles { http_xforward {} oneconnect {} tcp {} SSL_CERT { clientside } } }

 

rule rule_switchconnection { when HTTP_REQUEST {

 

switch -glob [HTTP::uri] {

 

"/AAA" { pool AAAServers_http } "/BBB" { pool BBBServers_http } "/CCC" { pool CCCServers_http } "/DDD" { pool DDDServers_https } } }

 

pool DDDServers_https { monitor all https members { 1.1.1.1:https {} 2.2.2.2:https {} } }

 

Thanks, Rajendra

 

application delivery
devops
iRules

1 Reply

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    May 28, 2014

    you have to assign serverssl profile to the virtual server and disable/enable it in irule.

    e.g.

    when HTTP_REQUEST {
  SSL::disable serverside
  switch -glob [HTTP::uri] {
    "/AAA" { pool AAAServers_http } 
    "/BBB" { pool BBBServers_http } 
    "/CCC" { pool CCCServers_http } 
    "/DDD" { 
      SSL::enable serverside
      pool DDDServers_https 
    } 
  }
}