For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Derik_H__175358's avatar
Derik_H__175358
Icon for Nimbostratus rankNimbostratus
Oct 27, 2014

How to set session affinity for SSL URLs.

Hi,   I've been asked to write an irule to provide to a datacenter that will be hosting our servers. I know they have a huge LB, but they haven't given us any specifics on it. All of our connect...
application delivery
design
devops
iRules
LTM
persistence
url
Jason_40733's avatar
Jason_40733
Icon for Cirrocumulus rankCirrocumulus
Oct 28, 2014

If the one URL doesn't NEED affinity but the others do, I'd recommend just setting affinity by SSL session ID or via the source IP address if the load balancer isn't terminating SSL. Getting affinity when it's not needed shouldn't harm anything.

If the load balancer is terminating SSL, I'd still use a generic cookie persistence or other appropriate type of persistence.

Since you're trying to make this determination based on the URL.. I'm guessing the load balancer IS terminating the SSL and that you MUST set persistence on the one URL and not on the other.

This link has good info: https://devcentral.f5.com/questions/using-irule-to-set-persistence-profile

Quoting Mikeshimkus direction...

when HTTP_REQUEST {
    if { [string tolower [HTTP::uri]] contains "myuri" }  {
            persist source_addr
       }
}

Just replace the variable and persistence type with whichever type you prefer.

Jason