Forum Discussion
How do I set serverssl profile in iRules when VS doesn't have serverssl profile?
My apologies if this has already been posted. A quick search on serverssl didn't return the results for which I was hoping.
Is it possible to enable serverssl for one pool using iRule even though the virtual server doesn't have a serverssl profile defined?
I'm working on a virtual server that shouldn't need a serverssl profile because the default pool listens for plain text. In one case though, I need to send requests for a particular URI to a different server pool that listens for encrypted traffic.
I've seen plenty of examples for 'the other way around' - for example:
http://devcentral.f5.com/default.aspx/Default.aspx?tabid=28&forumid=5&postid=4242&view=topic
But I can't seem to figure out how to say "use this pool and this serverssl profile with it" within an iRule.
Thus far, I've bitten the bullet by setting a serverssl profile in the virtual server and using something like this:
set usessl 0
&
when SERVER_CONNECTED {
if { $usessl == 0 } {
SSL::disable
}
}
within an iRule to work around the fact that my default pool uses plain text between F5 and the pool members.
Thanks,
InfoMonkey
4 Replies
- I believe that is the recommended approach for selective re-encryption...
/deb - Deb,
Could you please open a CR on this? I'd really like to be able to configure the serverssl profile based on the pool assignment within an iRule.
Thanks,
InfoMonkey - Hi InfoMonkey --
You can open a new case with the relevant details @ http://websupport.f5.com and request a product enhancement.
/deb - I've entered a case at websupport.f5.com on this issue.
