Forum Discussion

MatthewStyles_3
Mar 20, 2017

iRule for custom traffic flow

Hi! We currently have a setup where we have an HTTPS website where customers can upload both text and media (sound or video) to a server, and this data is stored in the cloud. This data is then p...
  • Jeremy_Church_3
    Mar 20, 2017

    Matt,

    To perform this action, there are a couple things you need.

    1. Client-ssl and server-ssl profile on the virtual server.
    2. Identify requests with content.

    Here is a simple example iRule that should accomplish what you need. I'm working under the assumption any POST will have content you want to inspect.

    when HTTP_REQUEST {
        if {![info exists DEFAULT_POOL]} { set DEFAULT_POOL [LB::server pool] }
    
        set INSPECT 0
        if {[HTTP::method] eq "POST"} {
            # request should contain content; select the inspection pool
            pool inspection_servers
            set INSPECT 1
        } else {
            pool $DEFAULT_POOL
        }
    }
    when SERVER_CONNECTED {
        # do not encrypt server-side if destined to inspection pool
        if {$INSPECT} { SSL::disable }
    }
    

    If you use a OneConnect profile, you should be able to remove the default pool selection as long as you're not running 11.5.3 HF2 or 12.0.0 - 12.0.0 HF3.

    when HTTP_REQUEST {
        set INSPECT 0
        if {[HTTP::method] eq "POST"} {
            # request should contain content; select the inspection pool
            pool inspection_servers
            set INSPECT 1
        }
    }
    when SERVER_CONNECTED {
        # do not encrypt server-side if destined to inspection pool
        if {$INSPECT} { SSL::disable }
    }
    

    As with anything, there is often more than one answer. Hopefully this will at least point you in the right direction.
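
The reply above treats every POST as a request with content. As an added example (not part of Jeremy_Church_3's reply), this variant of the first iRule implements step 2 by checking for a declared body instead, so PUT uploads are inspected and empty POSTs are not. The `has_body` variable is a name introduced here; the pool name and the SSL handling are taken from the reply.

```tcl
when HTTP_REQUEST {
    # Remember the virtual server's default pool the first time through
    if {![info exists DEFAULT_POOL]} { set DEFAULT_POOL [LB::server pool] }

    # Flag read later in SERVER_CONNECTED, as in the iRules above
    set INSPECT 0

    # has_body (name introduced for this example): 1 when the request
    # declares a body, whatever the method (POST, PUT, ...)
    set has_body 0
    if {[HTTP::header exists "Content-Length"]} {
        set clen [HTTP::header value "Content-Length"]
        # Only trust a well-formed, non-zero length
        if {[string is integer -strict $clen] && $clen > 0} {
            set has_body 1
        }
    }
    # Chunked uploads carry no Content-Length header
    if {[string tolower [HTTP::header value "Transfer-Encoding"]] contains "chunked"} {
        set has_body 1
    }

    if {$has_body} {
        # Request carries content: send it to the inspection pool
        pool inspection_servers
        set INSPECT 1
    } else {
        pool $DEFAULT_POOL
    }
}
when SERVER_CONNECTED {
    # Do not encrypt server-side if destined to the inspection pool
    if {$INSPECT} { SSL::disable }
}
```

Because `SSL::disable` sends the uploaded content to `inspection_servers` unencrypted, the path between the BIG-IP and that pool should be a trusted, isolated network segment.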