Forum Discussion

Stig_Dahl_82658's avatar
Stig_Dahl_82658
Icon for Nimbostratus rankNimbostratus
May 08, 2008

Finding out ssl::mode on serverside

I use a vip that has serverssl enabled. On one specific pool I should use "SSL::enable serverside" and on the others "SSL::disable serverside".     This works fairly well, but how do I find...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
May 12, 2008
You can check for a serverssl profile with the PROFILE::exists command. The serverssl profile isn't attached to the VIP until the server side context, sothe first event you can get a valid result in is HTTP_REQUEST_SEND.

I have a faint recollection of one of the developers saying that the PROFILE:: command is expensive in terms of CPU. So if you don't need to use it in production, it might be better not to. Maybe someone can provide more correction/clarification on this. 

 
 when HTTP_REQUEST { 
  
    if {([PROFILE::exists serverssl] == 1) && ([PROFILE::serverssl mode] == 1)} { 
       log local0. "Server SSL enabled" 
    } else { 
       log local0. "Server SSL not enabled" 
    } 
 } 
 when HTTP_REQUEST_SEND { 
  
    if {([PROFILE::exists serverssl] == 1) && ([PROFILE::serverssl mode] == 1)} { 
       log local0. "Server SSL enabled" 
    } else { 
       log local0. "Server SSL not enabled" 
    } 
 }

Output:

: Server SSL not enabled

: Server SSL enabled

Aaron