Forum Discussion
Mark_J__Schelle
Nimbostratus
NimbostratusiRule "Sorry server" pool change from SSL to non-SSL?
Hello DevCentral -
I am working with a team member on something that has turned into a rather unusual request. For our normal service, the client connects SSL, we break that connection, insert som...
nitass
Employee
Employeecan we just disable ssl on serverside?
e.g.
config
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar
ltm virtual bar {
destination 172.28.24.10:443
ip-protocol tcp
mask 255.255.255.255
pool foo443
profiles {
clientssl {
context clientside
}
http { }
serverssl {
context serverside
}
tcp { }
}
rules {
qux
}
source 0.0.0.0/0
source-address-translation {
type automap
}
vs-index 6
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool foo443
ltm pool foo443 {
members {
200.200.200.101:443 {
address 200.200.200.101
}
}
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool sorry80
ltm pool sorry80 {
members {
200.200.200.111:80 {
address 200.200.200.111
}
}
}
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux
ltm rule qux {
when HTTP_REQUEST {
if { [active_members [LB::server pool]] <= 0 } {
SSL::disable serverside
pool sorry80
}
}
}
pool443 is up
[root@ve11a:Active:In Sync] ~ curl -k https://172.28.24.10
This is 101 host.
pool443 is down
[root@ve11a:Active:In Sync] ~ tail -f /var/log/ltm
Jan 22 23:40:14 ve11a notice mcpd[6957]: 01070638:5: Pool /Common/foo443 member /Common/200.200.200.101:443 monitor status down. [ /Common/fake: down ] [ was unchecked for 0hr:7mins:54sec ]
Jan 22 23:40:14 ve11a err tmm[14419]: 01010028:3: No members available for pool /Common/foo443
Jan 22 23:40:14 ve11a err tmm1[14419]: 01010028:3: No members available for pool /Common/foo443
[root@ve11a:Active:In Sync] ~ curl -k https://172.28.24.10
This is 111 host.
