Forum Discussion
Kory_52080
Nimbostratus
NimbostratusEnable/Disable ProxySSL in iRule
Is there a way to enable and disable the ProxySSL feature of an assigned client or server SSL profile within an iRule?
I have a virutal server that hosts many different application. Pools and whether or not a serverside SSL profile is required are assigned based on URI. All site except one have SSL terminated at the BIGIP. However, one not only requires server side SSL but also requires that the client certificate be passed through to the server for authentication.
ProxySSL requires that both the client and server SSL profile have the feature turned on, but when I assign the profile to the virtual server the sites that don't need server side SSL stop working.
Any help would be appreciated.
Kevin_Davies_40Nacreous
See SSL::disable
if {[HTTP::uri] equals "/myapplication"} { SSL::disable }This will disable SSL depending on URI. You can use HTTP::host or other commands as well.
- Kevin_Davies_40
Alternatively if you want to switch SSL profiles to one with the options you need then use SSL::profile
when HTTP_REQUEST { set uri [HTTP::uri] } when SERVER_CONNECTED { if {$uri equals "/myapplication" } { SSL::profile serverssl_profile } }This will switch the SSL profile to the specified. This must occur before the serverside SSL negotiation has occurred or you will need to use SSL:renegotiate.
- Kevin_Davies_40If any of the below posts have provided a solution to your issue, please indicate so by clicking the tick to the left of them. This gives feedback and recognition to the volunteers who responded to your issue :-)