Forum Discussion

integracion_s21's avatar
integracion_s21
Icon for Nimbostratus rankNimbostratus
Jun 14, 2010

Force HTTP communication

Greetings,

We have configured two virtual servers: VS_App1 : 443 & VS_App1 : 80

 

There is one iRule applied to both, that checks the URI and according to it, selects the corresponding pool. For some requests arriving to the SSL port, we need to send them through HTTP (not HTTPS) to some pools.

 

If we simply select a pool listening on the port 80 and send the request it does not work, because it tries to send it through HTTPS.

 

Since the iRule is associated to both Virtual servers, we cannot use SSL:disable, because the VS_App1 : 80 has no SSL profile associated.

 

Does anybody have another idea ? Thanks!
application delivery
dev
devops
iRules
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Jun 14, 2010
    You can "hide" the SSL::disable command from the iRule parser and only use the command when the VIP port (TCP::local_port) is HTTPS and the pool is not for HTTPS: 

    when LB_SELECTED {

    Check if the VIP port is for SSL
    This could be a single port like 443 or multiple ports
   switch [TCP::local_port] {
      443 {
          Check if server port is not SSL
 if {!([LB::server port] == 443)}{
            set ssl_disable_cmd "SSL::disable serverside"
            eval $ssl_disable_cmd
         }
      }
   }
}

    If the exact logic isn't correct for your scenario and you want help adjusting the example, please reply with more info on when you want to disable SSL on the serverside connection.

    Thanks, Aaron
  • integracion_s21's avatar
    integracion_s21
    Icon for Nimbostratus rankNimbostratus
    Jun 14, 2010
    Greetings Aaron,

    I have modified my iRule following part of the code that you gave me and now it works. This is an example of my iRule:

     

    Before:

     

    when HTTP_REQUEST {
switch -glob [HTTP::uri] {
"/resource-app1/*" {
HTTP::header replace "Host" "resource-app1.domain1.com"
pool pool_resource-app1.domain1.com
log local0. "Proxied redirection to resource-app1.domain1.com [HTTP::uri]"
}
}
}

    After:

     

    when HTTP_REQUEST {
switch -glob [HTTP::uri] {
"/resource-app1/*" {
HTTP::header replace "Host" "resource-app1.domain1.com"
if { [TCP::local_port] equals 443 } {
set ssl_disable_cmd "SSL::disable serverside"
eval $ssl_disable_cmd
log local0. "Local TCP Port [TCP::local_port]-LB Server Port[LB::server port]"
}
pool pool_resource-app1.domain1.com
log local0. "Proxied redirection to resource-app1.domain1.com [HTTP::uri]"
}
}
}

    Thank you very much!