Forum Discussion

Altostratus

Jul 15, 2013

enable ssl serverside for specific uri

I don't want to enable ssl profile of server side in virtual server but I want to enable ssl server side for some url ,such as /xyz how to achieve this?

Employee

Jul 16, 2013

you have to assign serverssl profile to virtual server but disabling/enabling it in irule.

e.g.

[root@ve10:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo80
   destination 172.28.19.252:443
   ip protocol 6
   rules qux
   profiles {
      clientssl {
         clientside
      }
      http {}
      serverssl {
         serverside
      }
      tcp {}
   }
}
[root@ve10:Active] config  b pool foo80 list
pool foo80 {
   members 200.200.200.101:80 {}
}
[root@ve10:Active] config  b pool foo443 list
pool foo443 {
   members 200.200.200.101:443 {}
}
[root@ve10:Active] config  b rule qux list
rule qux {
   when HTTP_REQUEST {
  SSL::disable serverside
  if { [HTTP::uri] starts_with "/xyz" } {
    SSL::enable serverside
    pool foo443
  }
}
}

[root@ve10:Active] config  curl -Ik https://172.28.19.252/
HTTP/1.1 200 OK
Date: Tue, 16 Jul 2013 14:23:30 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 23 May 2013 00:28:46 GMT
ETag: "4185a8-59-c3efab80"
Accept-Ranges: bytes
Content-Length: 89
Connection: close
Content-Type: text/html; charset=UTF-8

[root@ve10:Active] config  curl -Ik https://172.28.19.252/xyz/
HTTP/1.1 200 OK
Date: Tue, 16 Jul 2013 14:23:33 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 16 Jul 2013 14:22:22 GMT
ETag: "468841-59-b48d8380"
Accept-Ranges: bytes
Content-Length: 89
Connection: close
Content-Type: text/html; charset=UTF-8

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)