For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

bernie_9326's avatar
bernie_9326
Icon for Nimbostratus rankNimbostratus
Feb 24, 2010

in layer 7 routing, how to direct request under SSL

Hi Wondering if you can help. We are trying to use layer 7 routing to send web requests to three different pools. Our questions are - is there a way to set up Layer 7 routing such that ...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Feb 25, 2010
Hi Bernie,

In order to inspect or modify the HTTP headers or payload for HTTPS traffic, you need to import the cert/key to LTM and configure them in a client SSL profile. You can then use an iRule like the one you've posted to inspect the HTTP and select a pool based on the URI.

Also, you can use a switch statement to evaluate the URI. It's a bit more efficient and easier to organize. 

 
 when HTTP_REQUEST { 
    log local0. "uri=[HTTP::uri]" 
  
     Check the requested URI 
    switch -glob [HTTP::uri] { 
       "/acme*" { 
          log local0. "  going to pool-acme" 
          pool pool-acme 
       } 
       "/onlyssl*"} { 
          pool pool-onlyssl 
          log local0. "  going to onlyssl" 
       } 
       default { 
          pool pool-bob 
          log local0. "  going to pool-bob" 
       } 
    } 
 }

Aaron