Forum Discussion
noje_224243
Nimbostratus
NimbostratusiRule rejects connections but there is no reject command
Hi all,
We have a VS with several SSL sites. There is an iRule which looks like:
when SERVER_CONNECTED {
if { $doSSL == 1 }{
SSL::profile Server-profile1 }
elseif { $doS...
Add a logging statement to the SERVER_CONNECTED event before the
command to determine whether the exception is being raised from there. If so, place it in theif
clause before and after theelseif
command the determine whether that is the cause. I suspect that BIG-IP doesn't want to connect the profile for one reason or another.SSL::profileIncidentally, in the SERVER_CONNECTED you can also use a
:switchwhen SERVER_CONNECTED { log local0. "-- In SERVER_CONNECTED --" switch $doSSL { "1" { SSL::profile Server-profile1 } "2" { SSL::profile Server-profile2 } ... "9" { log local0. " -- doSSL == 9 --" SSL:profile Server-profile9 log local0. " -- after SSL::profile --" } } }
VernonWells
Employee
EmployeeAdd a logging statement to the SERVER_CONNECTED event before the
ifelseifSSL::profileIncidentally, in the SERVER_CONNECTED you can also use a
switchwhen SERVER_CONNECTED {
log local0. "-- In SERVER_CONNECTED --"
switch $doSSL {
"1" { SSL::profile Server-profile1 }
"2" { SSL::profile Server-profile2 }
...
"9" {
log local0. " -- doSSL == 9 --"
SSL:profile Server-profile9
log local0. " -- after SSL::profile --"
}
}
}
noje_224243This was strange... I tried your log lines and nothing got logged, even for working sites. That made me think if the iRule was correctly updated in the config or not. I checked bigip.conf and everything was OK. So I made a copy of the iRule and replaced it in the VS. Now everything is working and logged. I really don't know what happened here, but something was wrong with that iRule internally. BTW thanks for the switch suggestion, it was on my To-Do list :-)