Forum Discussion
JayP_46820
Nimbostratus
NimbostratusiRule order of operation (SSL offloading)
Hi Guys,
Have a noobie question on iRules, am not a programmer but need to get this working somehow!
We have an LEGACY iRule which looks at HTTP header and then sends traffic to relevant Pool. Th...
JayP_46820Nimbostratus
NimbostratusThanks Kevin,
For some reason I couldn't edit above post and code was mangled, sorry about that.
Actually at the moment there is no server side SSL profile on the VS, as all current SSL is offloaded by the F5. Only the particular traffic for mrsproxy will need to have server side SSL. Not sure if that is supported.
Perhaps I can still combine the iRules like this?
when HTTP_REQUEST {
If the request is for a proxy.svc URI select a separate pool
and leave serverssl enabled
if { [HTTP::path] eq "/EWS/mrsproxy.svc"}{
pool exchange_secure_pool
}
return
OAB and Autodiscover do not require persistence.
switch -glob -- [string tolower [HTTP::path]] {
"/microsoft-server-activesync" {
Direct all ActiveSync clients to a common pool; use Auth
header value if it exists (Basic auth only, which is the
default); otherwise we fall back to client IP
if { [HTTP::header exists "APM_session"] } {
persist uie [HTTP::header "APM_session"] 7200
} elseif { [HTTP::header exists "Authorization"] } {
persist uie [HTTP::header "Authorization"] 7200
} else {
persist source_addr
}
pool exchange_as_pool
COMPRESS::disable
CACHE::disable
return
}
}
default {
This final section takes all traffic that has not otherwise
been accounted for and sends it to the pool for Outlook Web App
if { [HTTP::header exists "APM_session"] } {
persist uie [HTTP::header "APM_session"] 7200
} else {
persist source_addr
}
pool exchange2010_owa_pool
}
}
}
when HTTP_RESPONSE {
if { [string tolower [HTTP::header values "WWW-Authenticate"]] contains "negotiate"} {
ONECONNECT::reuse disable
ONECONNECT::detach disable
NTLM::disable
}
if {[HTTP::header exists "Transfer-Encoding"]} {
HTTP::payload rechunk
}
}